Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks

2015-04-01 Thread David A. Wheeler
On Wed, 1 Apr 2015 10:30:14 +0200, Corinna Vinschen wrote: > > + > > +How does Cygwin counter man-in-the-middle (MITM) attacks > > during installation and upgrade? > > + > > The title is too specific, IMHO. What about something along the lines > of "How Cygwin secures the installation process"

Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks

2015-04-01 Thread Corinna Vinschen
tle is too specific, IMHO. What about something along the lines of "How Cygwin secures the installation process"? > + > +A man-in-the-middle (MITM) attack occurs when an attacker secretly relays and > +possibly alters the communication between two parties > +who believe they

Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks

2015-03-31 Thread David A. Wheeler
On Tue, 31 Mar 2015 21:29:51 +0200, Corinna Vinschen wrote: > On Mar 31 14:08, David A. Wheeler wrote: > > Signed-off-by: David A. Wheeler > > Ugh! *Short* patches are ok for the cygwin mailing list. Short being a > handful of lines, not entire novels. Novels go to cygwin-patches, please :)

Re: [PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks

2015-03-31 Thread Corinna Vinschen
On Mar 31 14:08, David A. Wheeler wrote: > Signed-off-by: David A. Wheeler Ugh! *Short* patches are ok for the cygwin mailing list. Short being a handful of lines, not entire novels. Novels go to cygwin-patches, please :) Other than that, patch looks almost ok. I only scanned it for now since

[PATCH] Add FAQ entry on how Cygwin counters man-in-the-middle (MITM) attacks

2015-03-31 Thread David A. Wheeler
and +possibly alters the communication between two parties +who believe they are directly communicating with each other. +Here is how Cygwin counters man-in-the-middle (MITM) attacks +during installation and update (including enough details so +technical people can confirm it): + + + +The Cygwin
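Review bot: the added sentence "Here is how Cygwin counters man-in-the-middle (MITM) attacks during installation and update" says "update", while the entry's question, as quoted in the replies in this thread, says "during installation and upgrade"; use one term in both places. The same sentence also expands "man-in-the-middle (MITM)" again directly after the sentence that defines it, so plain "MITM attacks" would read better there.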

Re: How Cygwin counters man-in-the-middle (MITM) attacks

2015-03-09 Thread David A. Wheeler
On Sun, 08 Mar 2015 20:44:30 +0100, Achim Gratz wrote: > Setup.ini also records the file size, so a successful attack would need > to pack a malicious payload into a valid archive of the same size and the > same MD5 checksum. I think that is a much taller order than simply > creating a hash collis

Re: How Cygwin counters man-in-the-middle (MITM) attacks

2015-03-09 Thread Corinna Vinschen
On Mar 8 20:44, Achim Gratz wrote: > David A. Wheeler writes: > >I checked Cygwin.com's SSL/TLS implementation using Qualys > >( https://www.ssllabs.com/ssltest/ ). Cygwin.com got an overall rating > >of "B" (capped because it permits the RC4 cipher). Isn't that rather due to the IDE

Re: How Cygwin counters man-in-the-middle (MITM) attacks

2015-03-08 Thread Achim Gratz
Achim Gratz writes: > That's not what I see at the moment, so you might want to check again: Forget that, I managed to read over that one line… :-P > | TLS_RSA_WITH_RC4_128_SHA - strong Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ DIY Stuff: ht

Re: How Cygwin counters man-in-the-middle (MITM) attacks

2015-03-08 Thread Achim Gratz
David A. Wheeler writes: >I checked Cygwin.com's SSL/TLS implementation using Qualys >( https://www.ssllabs.com/ssltest/ ). Cygwin.com got an overall rating >of "B" (capped because it permits the RC4 cipher). That's not what I see at the moment, so you might want to check again: Star

How Cygwin counters man-in-the-middle (MITM) attacks

2015-03-08 Thread David A. Wheeler
I'm trying to convince myself that the changes being made to Cygwin will counter man-in-the-middle (MITM) attacks during installation or update. Can someone tell me if the details below are correct? I think something like this should be a new FAQ entry, e.g., "How does Cygwin counter man-in-the-mi