[Cryptography] Kali Linux security is a joke!

alan at clueserver.org alan at clueserver.org
Tue Mar 17 14:32:20 EDT 2015


> FYI --
>
> http://docs.kali.org/category/introduction
>
> "Downloading Kali Linux"
>
> "Alert!  Always make certain you are downloading Kali Linux from official
> sources, as well as verifying md5sums against official values.  It would
> be easy for a malicious entity to modify a Kali install to contain
> malicious code, and host it unofficially."
> ---
>
> No kidding!
>
> So how come whenever you do apt-get in Kali Linux, it accesses
> http://security.kali.org and http://http.kali.org ??
>
> Hasn't Kali heard about MITM attacks against http ??
>
> What's the point of verifying md5sums against official values, if Kali
> can't even get the "official values" securely ??

Not to mention that md5 is bjorken.

Cryptographic signatures on releases or go home.
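
The argument in this thread, as an added example that is not part of the original messages: a checksum list fetched over the same channel as the image still matches after both are rewritten together, while a signature checked against a key obtained separately does not. The file names, the throwaway RSA key standing in for a publisher key the user already trusts, and SHA-256 in place of MD5 are assumptions; it needs `openssl` and `sha256sum` installed.

```shell
#!/bin/sh
# Added example on constructed files: checksum-only vs. signed-checksum verification.
# All names and contents are constructed; nothing here is Kali's actual release layout.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Publisher side (constructed): key pair, image, checksum list, detached signature.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$work/publisher.key" 2>/dev/null
openssl pkey -in "$work/publisher.key" -pubout -out "$work/trusted.pub" 2>/dev/null
mkdir "$work/mirror"
printf 'constructed image contents\n' > "$work/mirror/image.iso"
(cd "$work/mirror" && sha256sum image.iso > SHA256SUMS)
openssl dgst -sha256 -sign "$work/publisher.key" \
  -out "$work/mirror/SHA256SUMS.sig" "$work/mirror/SHA256SUMS"

# The same download after the image and the checksum list were rewritten together
# in transit. The signature file is carried over unchanged: without the private key
# a new one cannot be produced.
cp -r "$work/mirror" "$work/tampered"
printf 'modified image contents\n' > "$work/tampered/image.iso"
(cd "$work/tampered" && sha256sum image.iso > SHA256SUMS)

# Check 1: compare the image with the checksum list that arrived alongside it.
checksum_only() {
  (cd "$1" && sha256sum -c SHA256SUMS >/dev/null 2>&1)
}

# Check 2: verify the list's signature against the pinned public key first,
# and only then trust the list to check the image.
signed_checksum() {
  openssl dgst -sha256 -verify "$work/trusted.pub" \
    -signature "$1/SHA256SUMS.sig" "$1/SHA256SUMS" >/dev/null 2>&1 &&
    checksum_only "$1"
}

report() {
  if "$1" "$work/$2"; then echo "$1 on $2: accepted"; else echo "$1 on $2: rejected"; fi
}
report checksum_only mirror
report signed_checksum mirror
report checksum_only tampered
report signed_checksum tampered
```

Only the last check rejects the tampered directory; the checksum comparison alone accepts it because the list it trusts came from the same place as the image.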



