by Simucal
4325 days ago
With tools like these out there, what can we do to protect ourselves? Besides not downloading binaries over HTTP (which still wouldn't protect you if a CA has been compromised), what other steps can someone take? I hate how vulnerable and yet utterly essential our browsers have become.

This is actually how OpenBSD operates. If you buy an official CD set, the thing ships with keys which are then used to sign downloaded packages.
When the keys go via a side channel, the probability of compromise decreases considerably.