
Maybe the developer can also monitor the download server and verify the sig with a cron. That will decrease the timeframe for a successful attack. Good idea?



An attacker could mitigate this by having the download server only return the evil version to specific clients, e.g. by IP or by user agent.


Sure, but having to add in that code surely causes friction to the whole attack, which is useful.


That would be a great idea, IMO.
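
The monitoring idea from this thread, sketched as an added example that is not part of any comment above: a check meant to be run from cron that downloads the published artifact once per User-Agent and compares each copy against a known-good value. It assumes a pinned SHA-256 digest recorded at build time as a stand-in for the signature check, and the URL, user-agent strings and function names are all hypothetical.

```python
import hashlib
import urllib.request

# Assumed client identities to impersonate; not taken from the thread.
USER_AGENTS = (
    "curl/8.5.0",
    "Wget/1.21.4",
    "Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0",
)

def sha256_hex(data):
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()

def http_fetch(url, user_agent):
    """Download url with the given User-Agent header and return the body."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()

def check_release(url, pinned_sha256, fetch=http_fetch, user_agents=USER_AGENTS):
    """Fetch once per user agent; return (user_agent, finding) for every copy
    that does not match the pinned digest or could not be fetched."""
    findings = []
    for ua in user_agents:
        try:
            digest = sha256_hex(fetch(url, ua))
        except OSError as exc:  # URLError and socket timeouts are OSError subclasses
            findings.append((ua, f"fetch failed: {exc}"))
            continue
        if digest != pinned_sha256:
            findings.append((ua, digest))
    return findings

# Constructed sample data: a stand-in server that returns a modified file
# to one class of client only, as described in the reply above.
GOOD = b"release-1.0 contents"
EVIL = b"release-1.0 contents, modified"

def cloaking_server(url, user_agent):
    return EVIL if user_agent.startswith("Mozilla") else GOOD

if __name__ == "__main__":
    url = "https://downloads.example.invalid/app.tar.gz"  # placeholder URL
    for ua, finding in check_release(url, sha256_hex(GOOD), fetch=cloaking_server):
        print(f"ALERT {ua!r}: {finding}")  # cron mails any output to the owner
```

Varying the User-Agent covers only one of the two selectors mentioned in the thread; a server that chooses by client IP would still show this monitor the clean file unless the check also runs from other networks.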



