*One* solution is not to use popular programs. The best way to succeed at that is to also not use a 'popular' Operating System. Any OS where the user/owner is locked out of absolute control is not a good choice. #FOSS
-
-
-
No. Injection pretty much works on any arbitrary executable. You have to develop only once for every OS. Also, open source package managers are notoriously weak with their cryptographic infrastructure. Open source will not save your ass on this one.
-
I agree regarding shoddy checks and possibility of injection. But I see that on commercial/closed software nowadays almost any app implements their own update logic. And I'm pretty certain that most do even worse crypto/signing/checks than pacman/apt/emerge/…
-
How is that different from, say, npm?
-
Well, yes, I concur. That's a trainwreck. And I don't claim that open-source, in its current implemented form, is inherently better. But I believe (maybe erroneously) in the commercial Windows-software world it's currently *more* *prevalent* that everyone implements their own updating.
End of conversation
New conversation -
-
-
Is it modifying the download / installer in flight between the source and destination or wholesale replacing the download with an altered / modified one?

-
Well, modifying the executable in flight is what I would have implemented there.
-
With my evil hat on I would do the same. However it seems they are using 307 redirects instead, with a clear fingerprint. That looks suspicious or careless.
-
I'm going for suspicious. Anyone inspecting traffic would see a very clear marker for tampering.
-
Thank God evil is incompetent?
-
It isn't always, and it's best not to rely on that happening in the future :-/
End of conversation
New conversation -
-
-
As 21yo eng. student I had no qualms about designing weapons. Since then I've turned down: impl. an invisible proxy to replace ads for non-HTTPS requests; build medical diagnosis software to sell cancer cure w/o scientific basis. Engineers are a last line of defense.
-
-
-
I'm glad that you rejected the offer. The world needs more people like you!
-
-
-
„If we do not build these concentration camps and gas chambers, someone else will.“ Ever wondered where the idea for hell and eternal damnation came from?