How are they ‘changing on the fly’ the distro I downloaded the week before and ran a CRC check on?
Well, you’re uploading it remotely at some point. Essentially it’s a supply chain attack, where during the process of upload it’s compromised by the remote server. The logic would be - they can fingerprint any reasonable distro you might use, and replace it with a pre-prepared compromised version. Any tools you might use to check its veracity could potentially be poisoned the same way, no? As I said, remote possibility and high cost, but not implausible.
Serious question, do you have any background in IT security?
I ask that because to cover this properly will take effort, and I’m not prepared to waste that on someone who won’t understand what I’m writing.
A little. I’m in IT, and know the basics.