Web lists-archives.com

Re: Bug#858612: ITP: wifiphisher -- Automated phishing attacks against Wi-Fi networks

On Mon, 27 Mar 2017, Thibaut Paumard wrote:
> Thanks for the pointer. Just out of curiosity, do you intend on using
> the blends framework for the pkg-security team?

This is not part of any current plan but I have no objection if someone
wants to do the required work.

> If you have pointers about those best security practices, I'll gladly
> take them.

I'm not a penetration tester myself. But a good starting point is to
not use "http" at all on connections that you do not trust and also using
tools to ensure that you get the same https certificate that you use to
get over a secure connection.

> Quickly Googling "pkg-security" and "Debian security" did not reveal a
> prominent central place for this sort of information. Although not
> Debian-specific, a starting point at debian.org for raising awareness
> for our users would be nice. If the pkg-security team could take it on
> its shoulders...

The pkg-security team is about packaging tools, not about this, sorry. 


Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/