|
|
Subscribe / Log in / New account

Protecting update systems from nation-state attackers

Protecting update systems from nation-state attackers

Posted Jul 30, 2019 19:59 UTC (Tue) by k8to (guest, #15413)
In reply to: Protecting update systems from nation-state attackers by mb
Parent article: Protecting update systems from nation-state attackers

I feel that auto makers have, overall, shown a vastly better track record than browser vendors.

They simply live in a world with much higher requirements for following through. I'm willing to believe they could handle updating a key periodically until shown otherwise.

This is coming from someone who was unhappy about addon signing before it was even deployed.

If you wanted to address the auto maker ceasing to issue updates problem, then you'd need a system where trusted third parties could also update, which seems like it would be a pretty big attack vector against the problem this system is attempting to solve.

Maybe I missed something here.

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds