[Cryptography] Kali Linux security is a joke!

Henry Baker hbaker1 at pipeline.com
Mon Mar 16 15:07:08 EDT 2015

FYI --


"Downloading Kali Linux"

"Alert!  Always make certain you are downloading Kali Linux from official sources, as well as verifying md5sums against official values.  It would be easy for a malicious entity to modify a Kali install to contain malicious code, and host it unofficially."

No kidding!

So how come whenever you do apt-get in Kali Linux, it accesses http://security.kali.org and http://http.kali.org ??

Hasn't Kali heard about MITM attacks against http ??

What's the point of verifying md5sums against official values, if Kali can't even get the "official values" securely ??

More information about the cryptography mailing list