http subversion URLs should be discontinued in favor of https URLs
Igor Mozolevsky
mozolevsky at gmail.com
Sun Dec 10 19:24:51 UTC 2017
On 10 December 2017 at 19:23, Yuri <yuri at rawbw.com> wrote:
> On 12/10/17 10:15, Igor Mozolevsky wrote:
>
>> They are not "hypothetical characters," they are invented characters that
>> are used in a threat model. But that's reframing the problem- a
>> hypothetical threat model is very different to a real threat model.
>>
>
>
> This is a very real threat model. There are a lot of malicious Tor exit
> node operators, and a lot of FreeBSD users update their system over
> subversion. The only thing that the Tor node operator needs to do is to
> detect relevant requests and serve malware.
>
> How is this not real?
It seems the problem is *not* FreeBSD but Tor in your case!
--
Igor M.
More information about the freebsd-security
mailing list