[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Whitelist of update servers

Subject: Whitelist of update servers
From: keegan.holley at sungard.com (Keegan Holley)
Date: Mon, 12 Mar 2012 16:40:24 -0400
In-reply-to: <CA+vWMo7Ys09Kb9i+v477nDHEseTkLotcNMsdN1Us281rST--VQ@mail.gmail.com>
References: <CA+vWMo6eFHHEj2EGFc9b-MW7ieGPb=mF2_zaENdwsAmagLa38w@mail.gmail.com> <CABO8Q6QGtTP8DYO0BBR8anKS1pN9LvicPSegHkvXtyYGTLoPkA@mail.gmail.com> <CA+vWMo7Ys09Kb9i+v477nDHEseTkLotcNMsdN1Us281rST--VQ@mail.gmail.com>

2012/3/12 Maverick <myeaddress at gmail.com>

> Like list of sites that operating systems or applications installed on
> your machines go to update themselves. One way could be to go on each
> vendors site and look at their update servers like
> microsoft.update.com but it would be good if there is a list of such
> servers for all OS and applications so that it could be used as a
> whitelist.
>
>
I stick with my original answer... sometimes.  I'm not sure if this is
different now, but I remember MS update being spoofed with bogus DNS
entries because the process is died to that dns name.  I think this is the
most popular method combined with some sort of encryption and/or signing to
verify the updates themselves.  I'm sure there are applications that use a
white list though.  There are alot of shops that update via some kind of
CDN, so the whitelist method is a bit combersome at scale and is not immune
to spoofing or other attacks.  The most secure thing is probably to protect
the updates themselves.

References:
- Whitelist of update servers
  - From: myeaddress at gmail.com (Maverick)
- Whitelist of update servers
  - From: keegan.holley at sungard.com (Keegan Holley)
- Whitelist of update servers
  - From: myeaddress at gmail.com (Maverick)

Prev by Date: Whitelist of update servers
Next by Date: Whitelist of update servers
Previous by thread: Whitelist of update servers
Next by thread: Whitelist of update servers
Index(es):
- Date
- Thread