[mosh-devel] Checking for updates
Daniel
kyhwana at gmail.com
Wed Jun 8 17:01:33 EDT 2016
Hey Dan,
If mosh implemented an update check it should be done securely, via HTTPS etc.
(See the big kerfuffle going on atm with KeePass not doing secure
updates/checking etc)
Not only is there the possibility of a MITM forcing a backdoored
update or backdoored link, but they can MITM and report that there are
no updates available when in reality there are, then use this to
exploit a bug in the unupdated older version.
On Thu, Jun 9, 2016 at 7:52 AM, Dan Mahoney, System Admin
<danm at prime.gushi.org> wrote:
> Hey all,
>
> Would it be possible to have mosh (from the command line) periodically
> check some server somewhere (perhaps a DNS TXT record or something
> similar) for available updates?
>
> -Dan
>
> --
>
> --------Dan Mahoney--------
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org
> ---------------------------
>
> _______________________________________________
> mosh-devel mailing list
> mosh-devel at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mosh-devel
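
Added example, not part of the original message and not mosh code: one way a client can keep a blocked, replayed or downgraded answer from being read as "no updates available", complementing HTTPS on the transport. The manifest layout, function names, version strings and demo key are hypothetical, and HMAC stands in for a public-key signature so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real client would ship a public key and verify a
# signature; HMAC is used here only to keep the example self-contained.
DEMO_KEY = b"constructed-demo-key"


def sign_manifest(latest, expires, key=DEMO_KEY):
    """Publisher side (hypothetical): authenticate version and expiry together."""
    body = json.dumps({"latest": latest, "expires": expires}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def parse_version(text):
    """Turn '1.0.1' into (1, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def check_update(manifest, installed, highest_seen, now, key=DEMO_KEY):
    """Return (status, highest_seen); only a fresh, authentic manifest may say 'up to date'."""
    if manifest is None:
        # Request dropped on the path: not evidence that nothing is new.
        return "unknown: no response", highest_seen
    expected = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return "unknown: bad authentication tag", highest_seen
    fields = json.loads(manifest["body"])
    if now > fields["expires"]:
        # An old "nothing new" answer replayed after a release came out.
        return "unknown: stale manifest", highest_seen
    latest = parse_version(fields["latest"])
    if latest < highest_seen:
        # Authentic but older than something already seen: refuse the rollback.
        return "unknown: version rollback", highest_seen
    if latest > parse_version(installed):
        return "update available: " + fields["latest"], latest
    return "up to date", latest


if __name__ == "__main__":
    old = sign_manifest("1.0.0", expires=1000)   # constructed sample manifests
    new = sign_manifest("1.0.1", expires=2000)
    print(check_update(new, "1.0.0", (1, 0, 0), now=1500))
    print(check_update(old, "1.0.0", (1, 0, 0), now=1500))
```

A caller should surface any "unknown" status to the user rather than treating it the same as "up to date".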