DNS poisoning attack worked even when targets used DNS from Google and Cloudflare.

  • @kolorafa
    link
    English
    95 months ago

    One more reason to have centralized and secure way to do app updates like in Linux (yes, you could still get f for example with not signed app images and such, but less likely)

    Not allowing every single app maker make their own update center is the way to go.

    • @[email protected]
      link
      fedilink
      English
      4
      edit-2
      5 months ago

      Less central repo, and more signed packages. I don’t care where my packages come from, I just care that they’re signed and verified on the client. I can use any mirror I want, including the one I self-host, and I’ll get the same result. Then the problem changes to making sure your mirror is in sync, and that shouldn’t be that hard.

    • @[email protected]
      link
      fedilink
      English
      35 months ago

      At that point it’s a single point of failure, hack that central repo and infect everything. Plus Linux is not centralized… That’s kinda the point, suse, Debian, arch, red hat all have their own repos…

      • @kolorafa
        link
        English
        3
        edit-2
        5 months ago

        Yes, but you as a user are in control of when/how you update, you can first update some test server and only then propagate it to other.

        But still better have single (hopefully secure) risk point/target that you need to pay attention than have multiple god know when/how updating that you dont even dont know about.

  • @[email protected]
    link
    fedilink
    English
    25 months ago

    Scary. I think a VPN would help against this kind of attack (although it also shows what could happen if your VPN gets compromised).

    Encrypted DNS is the real solution though.