On Wed, Feb 06, 2013 at 10:24:28AM -0500, Tom Ritter wrote: > - ChromeOS's update mechanism is automatic, transparent, and basically > foolproof. Having bricked Ubuntu and Gentoo systems, the same is not > true of Linux.
Concur on this point, and wish to ask a related question: Many operating systems and applications and even application extensions (e.g., Firefox extensions) now attempt to discover the presence of updates for themselves either automatically or because a user instructs them to do. Is there any published research on the security consequences of doing so? (What I'm thinking of is an adversary who observes network traffic and thus can ascertain operating system type/version/patch level, installed application base/version/patch level, etc.) ---rsk -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
