https://www.trailofbits.com/resources/flame-md5.pdf … Sotirov's slides about the Flame MD5 attack.
-
-
@slightlylate It depends on the signature on the file it downloads which is a reasonable thing to do, if the sig algo is secure, not MD5. -
@kragen : yeah, I've heard similar excuses for why other updaters are safe to use...but "invent your own crypto" is STILL an anti-pattern. - 13 more replies
New conversation -
-
-
@slightlylate@kragen it moves signed packages and they're signed well -
@dakami@slightlylate Well, maybe they are *now*. If they are, then sure, totally legit. - 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.