The chosen-prefix collision attack used in signing the Windows Update malware (FLAME), also suspected of being from the US, was a never-before-published variant. Is anyone aware of a somewhat comprehensive auto-update cryptography survey anywhere? I am often alarmed by the number of updates pushed through desktop software, often with little explanation. (I'm looking at you, Adobe.) ... not just for security, but for bandwidth management too. Many open source products seem to just query a URL and direct you to go download stuff. With SSL essentially broken, that's gotta be a bit risky vs. MITM. Gentoo, for one, combines pre-distributed SHA256, SHA512 and Whirlpool checksums with file size, which feels secure enough against collisions. But the pre-distribution is decentralized through potential MITM (non-trusted parties), the cryptography around that process - if any - is less than transparent, and integrity checking is apparently not performed on the locally extracted package database. Perhaps we need a standard, cross-platform solution in the software update query space that is cryptographically paranoid, well-reviewed enough by multiple parties to be considered secure, meets the generalised need, and has some OS-level integration features more advanced than "secretly do things in the background".
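The "pre-distributed checksums plus file size" check the post attributes to Gentoo, written out as an added example in Go (it is not Gentoo's tooling or the poster's code). Whirlpool is omitted because Go's standard library has no implementation, so SHA-256 and SHA-512 stand in for the multi-digest idea; the package name, manifest layout and payload bytes are all constructed for the demo. The check rejects on the first mismatch, so a substituted file would need to match the length and every digest at once, and, as the post points out, verifying the blob against the manifest says nothing about whether the manifest itself arrived untampered.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// Manifest is the pre-distributed record for one package file: the expected
// byte length plus independent digests. (Whirlpool is left out only because
// Go's standard library has none; the "size and all digests must agree"
// pattern is identical with three.)
type Manifest struct {
	Name   string
	Size   int64
	SHA256 string // lowercase hex
	SHA512 string // lowercase hex
}

// ComputeManifest is what the packaging side runs over the final artifact.
func ComputeManifest(name string, data []byte) Manifest {
	s256 := sha256.Sum256(data)
	s512 := sha512.Sum512(data)
	return Manifest{Name: name, Size: int64(len(data)),
		SHA256: hex.EncodeToString(s256[:]), SHA512: hex.EncodeToString(s512[:])}
}

// VerifyArtifact checks a downloaded blob against its manifest. Size goes
// first: it is free, and a wrong length rejects the file before any hashing.
// Then every digest must match; a single mismatch rejects the file. This only
// ties the blob to the manifest; the manifest's own integrity is a separate
// question (how it was distributed and whether it was signed).
func VerifyArtifact(data []byte, m Manifest) error {
	if int64(len(data)) != m.Size {
		return fmt.Errorf("%s: size %d, manifest expects %d", m.Name, len(data), m.Size)
	}
	got256 := sha256.Sum256(data)
	got512 := sha512.Sum512(data)
	for _, c := range []struct {
		algo, want string
		got        []byte
	}{
		{"sha256", m.SHA256, got256[:]},
		{"sha512", m.SHA512, got512[:]},
	} {
		want, err := hex.DecodeString(c.want)
		if err != nil {
			return fmt.Errorf("%s: manifest %s digest is not valid hex: %v", m.Name, c.algo, err)
		}
		if !bytes.Equal(want, c.got) {
			return fmt.Errorf("%s: %s mismatch", m.Name, c.algo)
		}
	}
	return nil
}

func main() {
	// Constructed stand-in for a package file; not a real artifact.
	good := []byte("constructed package payload, stands in for a .tar.xz")
	m := ComputeManifest("demo-1.0.tar.xz", good)
	fmt.Println("genuine:  ", VerifyArtifact(good, m))

	tampered := append([]byte{}, good...)
	tampered[0] ^= 0x01 // one flipped bit, same length, so only the digests catch it
	fmt.Println("tampered: ", VerifyArtifact(tampered, m))
	fmt.Println("truncated:", VerifyArtifact(good[:len(good)-1], m))
}
```

Running it prints `<nil>` for the genuine file, a `sha256 mismatch` for the bit-flipped copy and a size error for the truncated one, without the truncated copy ever being hashed.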
There's nothing stopping one from linking against their own copy of an SSL lib, and supplying their own list of trust anchors/trusted CAs. I've been wondering for a while why lots of apps (e.g. mobile apps) don't do this more often.
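What "supplying their own list of trust anchors" looks like in practice, as an added Go example that is not part of the original thread: the update client verifies the server only against a private root shipped with the application, never the OS trust store. Everything here is constructed for the demo (an in-memory throwaway root and leaf, a loopback httptest server serving a stand-in manifest); a vendor would keep the real root key offline and ship only the certificate. The same server is then fetched with a client on the system roots to show that the private chain is rejected there, which is the mirror image of the property the reply wants: a CA outside the pinned list cannot mint a certificate the updater will accept.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// must collapses error handling in the throwaway certificate setup below.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// makeTestCA builds an in-memory self-signed root (constructed for this demo;
// a vendor would keep the real key offline) and a leaf certificate for
// 127.0.0.1 signed by it. It returns the root as PEM and the leaf keypair.
func makeTestCA() ([]byte, tls.Certificate) {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	root := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Constructed Update Root CA"},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	rootDER := must(x509.CreateCertificate(rand.Reader, root, root, &caKey.PublicKey, caKey))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "updates.example.invalid"},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	leafDER := must(x509.CreateCertificate(rand.Reader, leaf, root, &leafKey.PublicKey, caKey))
	rootPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootDER})
	return rootPEM, tls.Certificate{Certificate: [][]byte{leafDER}, PrivateKey: leafKey}
}

// NewPinnedClient returns an http.Client that verifies servers only against
// the CAs in caPEM (the vendor's own root), ignoring the OS trust store.
// A nil caPEM yields a client on the system roots, used here for contrast.
func NewPinnedClient(caPEM []byte) (*http.Client, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if caPEM != nil {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(caPEM) {
			return nil, fmt.Errorf("caPEM contains no usable certificate")
		}
		cfg.RootCAs = pool // only these roots are trusted; system roots are never consulted
	}
	return &http.Client{Timeout: 5 * time.Second, Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

func fetch(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// RunDemo serves "manifest-v1" over TLS with the constructed leaf and fetches
// it once with the pinned client (expected to succeed) and once with a
// system-roots client (expected to fail: the chain ends at an unknown root).
func RunDemo() (pinnedBody string, pinnedErr, systemErr error) {
	rootPEM, leaf := makeTestCA()
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "manifest-v1") }))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{leaf}}
	srv.StartTLS()
	defer srv.Close()
	pinned := must(NewPinnedClient(rootPEM))
	system := must(NewPinnedClient(nil))
	pinnedBody, pinnedErr = fetch(pinned, srv.URL+"/manifest")
	_, systemErr = fetch(system, srv.URL+"/manifest")
	return
}

func main() {
	body, perr, serr := RunDemo()
	fmt.Printf("pinned: body=%q err=%v\nsystem: err=%v\n", body, perr, serr)
}
```

The pinned client returns the manifest body; the system-roots client fails verification because the leaf chains to a root that is not in the OS store. Shipping the root certificate inside the application is the part that makes this work; the private key never leaves the vendor.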