Cybersecurity

5685 readers

73 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

Mac and Windows users infected by software updates delivered over hacked ISP (arstechnica.com)

submitted 3 months ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works

5 comments fedilink hide all child comments

DNS poisoning attack worked even when targets used DNS from Google and Cloudflare.

you are viewing a single comment's thread
view the rest of the comments

[–] kolorafa@lemmy.world 9 points 3 months ago (2 children)

One more reason to have centralized and secure way to do app updates like in Linux (yes, you could still get f for example with not signed app images and such, but less likely)

Not allowing every single app maker make their own update center is the way to go.

[–] sugar_in_your_tea@sh.itjust.works 4 points 3 months ago* (last edited 3 months ago)

Less central repo, and more signed packages. I don't care where my packages come from, I just care that they're signed and verified on the client. I can use any mirror I want, including the one I self-host, and I'll get the same result. Then the problem changes to making sure your mirror is in sync, and that shouldn't be that hard.

[–] vrek@programming.dev 3 points 3 months ago (1 children)

At that point it's a single point of failure, hack that central repo and infect everything. Plus Linux is not centralized... That's kinda the point, suse, Debian, arch, red hat all have their own repos....

[–] kolorafa@lemmy.world 3 points 3 months ago* (last edited 3 months ago)

Yes, but you as a user are in control of when/how you update, you can first update some test server and only then propagate it to other.

But still better have single (hopefully secure) risk point/target that you need to pay attention than have multiple god know when/how updating that you dont even dont know about.