Re: Sparkle updater check vulnerability script
  • Subject: Re: Sparkle updater check vulnerability script
  • From: "Jacopille, David" <email@hidden>
  • Date: Wed, 10 Feb 2016 20:10:30 +0000
  • Thread-topic: Sparkle updater check vulnerability script

Quantity of vulnerable apps is not a red flag.  Prior to an exploit it would
be difficult to know which Sparkle apps, or how many, someone has.

Each additional application you download isn’t a red flag, it’s more of a
new open door to your computer.


While MiTM attacks can be performed close to a target computer, ‘three
letter’ agencies definitely have the resources to do MiTM attacks closer
to the source server. All copies of the software would have malicious
code.  Like a dragnet, they can sort out which breached computers they are
interested in later.

We’ve learned two things about how three letter agencies work in the past
couple of years:
        1.  They are well funded.  They can find exploits like this one years
before the public.
        2.  They aggressively use exploits.  Sometimes just because they can.







On 2/10/16, 1:18 PM, "Oakman" <email@hidden> wrote:

>Are you implying that having a certain number of applications on one
>computer system is a red-flag to the 'three letter' people?
>
>
>On Feb 10, 2016, at 11:04AM, Jacopille, David wrote:
>
>> 41!?
>>
>> You could try waving at your webcam to say hi to the dozen ‘three
>>letter’ agencies watching you right now.
>
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>AppleScript-Users mailing list      (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>Archives: http://lists.apple.com/archives/applescript-users
>
>This email sent to email@hidden


