APT vulnerable to man-in-the-middle attacks since 2010

APT vulnerable to man-in-the-middle attacks since 2010(slashdot.org)

3 points by gPphX 12 years ago | 1 comment

huslage 12 years ago |

This is sort of overblown. The vulnerability is in libcurl, not apt. It only applies to people (and CAs) who are dumb enough to issue certs where there is a wildcarded IP in the CN. I've never seen this in the wild, not that it couldn't happen.

huslage 12 years ago |

This is sort of overblown. The vulnerability is in libcurl, not apt. It only applies to people (and CAs) who are dumb enough to issue certs where there is a wildcarded IP in the CN. I've never seen this in the wild, not that it couldn't happen.