security improvements in t ex live
play

Security improvements in T EX Live Norbert Preining T EX Live - PowerPoint PPT Presentation

Feb 24, 2024 •35 likes •715 views

Security improvements in T EX Live Norbert Preining T EX Live Team Tug 2016, Toronto T EX Live security 2 Overview status up to (and including) 2015 possible attack vectors integrity and authenticity verification

  1. Security improvements in T EX Live Norbert Preining T EX Live Team Tug 2016, Toronto

  2. T EX Live security – 2 Overview ▶ status up to (and including) 2015 ▶ possible attack vectors ▶ integrity and authenticity ▶ verification architecture ▶ (non-)distributing GnuGP (and alternatives) ▶ Problems ▶ user experience ▶ key management

  3. T EX Live security – 3 Status up to 2015 name 12many ... containersize 2100 containermd5 ..... doccontainersize 375404 doccontainermd5 .... ... only used to restart an interrupted installation not for tlmgr update nor for normal installation! ▶ container checksum (md5) is available in the tlpdb ▶ but …

  4. T EX Live security – 3 Status up to 2015 name 12many ... containersize 2100 containermd5 ..... doccontainersize 375404 doccontainermd5 .... ... not for tlmgr update nor for normal installation! ▶ container checksum (md5) is available in the tlpdb ▶ but … only used to restart an interrupted installation

  5. T EX Live security – 3 Status up to 2015 name 12many ... containersize 2100 containermd5 ..... doccontainersize 375404 doccontainermd5 .... ... not for tlmgr update nor for normal installation! ▶ container checksum (md5) is available in the tlpdb ▶ but … only used to restart an interrupted installation

  6. T EX Live security – 4 Do we need better security?

  7. ▶ exchange pdftex binary with one shipping a crypto-virus ▶ enjoy … T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror

  8. ▶ enjoy … T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus

  9. T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ enjoy …

  10. T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ enjoy …

  11. T EX Live security – 5 Possible attack vector I Since no checks are done, this is easily possible! Verification of checksums (md5) In tlcritical for a few months before TL2016 was released, but not pushed out to 2015. ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ enjoy …

  12. ▶ exchange pdftex binary with one shipping a crypto-virus ▶ adjust the container that the MD5 sum does not change ▶ enjoy … T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror

  13. ▶ adjust the container that the MD5 sum does not change ▶ enjoy … T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus

  14. ▶ enjoy … T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ adjust the container that the MD5 sum does not change

  15. T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ adjust the container that the MD5 sum does not change ▶ enjoy …

  16. T EX Live security – 6 Possible attack vectors II (possible!) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror ▶ exchange pdftex binary with one shipping a crypto-virus ▶ adjust the container that the MD5 sum does not change ▶ enjoy …

  17. ▶ exchange pdftex binary as before ▶ adjust the checksum in the tlpdb file ▶ enjoy … T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good

  18. ▶ adjust the checksum in the tlpdb file ▶ enjoy … T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good ▶ exchange pdftex binary as before

  19. ▶ enjoy … T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good ▶ exchange pdftex binary as before ▶ adjust the checksum in the tlpdb file

  20. T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good ▶ exchange pdftex binary as before ▶ adjust the checksum in the tlpdb file ▶ enjoy …

  21. T EX Live security – 7 Possible attack vector III connections and many users) No counter measures up to T EX Live 2015! ▶ compromise one ctan mirror (or setup one yourself, get good ▶ exchange pdftex binary as before ▶ adjust the checksum in the tlpdb file ▶ enjoy …

  22. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  23. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  24. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  25. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  26. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  27. T EX Live security – 8 Integrity and authenticity Integrity Need to check the integrity of the downloaded packages – prevent tampering. md5 is not strong, can be tampered – switch to sha512 Authenticity Verify that the packages are actually the ones from us (T EX Live Team). Cryptographic signatures

  28. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  29. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  30. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  31. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  32. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  33. T EX Live security – 9 Verification architecture – overview tlmgr downloads remote texlive.tlpdb tlmgr verifies authenticity of the tlpdb tlmgr checks integrity of containers tlmgr installs package new partially new

  34. T ... ... r2mB9xEnR4o2SRBDNI... iQEVAwUBVyAV9kzhh3... —–BEGIN PGP SIGNATURE—– texlive.tlpdb.sha512.asc <128 hex digits> texlive.tlpdb texlive.tlpdb.sha512 containerchecksum ... EX Live security – 10 name 2up ... containerchecksum ... name 12many ... name 00texlive.config texlive.tlpdb Verification of authenticity —–END PGP SIGNATURE—–

Recommend

Pedestrian Improvements at Rail Crossings Study Safety and Security for All Evaluated several

Pedestrian Improvements at Rail Crossings Study Safety and Security for All Evaluated several

Pedestrian Improvements at Rail Crossings Study Safety and Security for All Evaluated several of the Countys railroad crossings Developed a toolbox of strategies Identified possible funding sources Recommended improvements

418 views • 20 slides
Improvements in Transportation Security Analysis from a Complex Risk Mitigation Framework for the

Improvements in Transportation Security Analysis from a Complex Risk Mitigation Framework for the

Improvements in Transportation Security Analysis from a Complex Risk Mitigation Framework for the Security of International Spent Nuclear Fuel Transportation Adam D. Williams Global Security Research &amp; Analysis Sandia National Laboratories

505 views • 13 slides
Update on Security Improvements at San Francisco General Hospital Department Public Health

Update on Security Improvements at San Francisco General Hospital Department Public Health

Update on Security Improvements at San Francisco General Hospital Department Public Health Health Commission Meeting December 17, 2013 1 New Security Measures Implemented Beginning in October Daily emergency stairwell checks by Sheriff

118 views • 7 slides
Improvements on Distributed Key Generation Bachelor Project Kopiga Rasiah Responsible

Improvements on Distributed Key Generation Bachelor Project Kopiga Rasiah Responsible

Improvements on Distributed Key Generation Bachelor Project Kopiga Rasiah Responsible Supervisor Bryan Ford Nicolas Gailly 1 Improvements on Distributed Key Generation Objective: Bringing improvements in order to enhance the security of

634 views • 28 slides
SUSTAINABLE IMPROVEMENTS IN FOOD SECURITY AND NUTRITION Dr. Kavita Sethuraman, Technical Advisor,

SUSTAINABLE IMPROVEMENTS IN FOOD SECURITY AND NUTRITION Dr. Kavita Sethuraman, Technical Advisor,

EMPOWERING WOMEN AND GIRLS: A CRITICAL PATHWAY TO ACCELERATE SUSTAINABLE IMPROVEMENTS IN FOOD SECURITY AND NUTRITION Dr. Kavita Sethuraman, Technical Advisor, Maternal and Child Health and Nutrition April 19 2017 Food and Nutrition Technical

408 views • 20 slides
De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst Speaker Background Computer Science degree from the University of New Orleans Former Security Consultant for Neohapsis Worked for Digital

911 views • 61 slides
LIBREOFFICE LOCKDOWN &amp; ENCRYPTION Improvements to document security &amp; permissions

LIBREOFFICE LOCKDOWN &amp; ENCRYPTION Improvements to document security &amp; permissions

LIBREOFFICE LOCKDOWN &amp; ENCRYPTION Improvements to document security &amp; permissions Thorsten Behrens, CIB software GmbH FOSDEM 2020, Brussels, February 3, 2020 1 Yours Truly Thorsten Behrens thb@libreoffice.org Since 2015 with

502 views • 14 slides
Presenting a live 90-minute webinar with interactive Q&amp;A Perfecting Security Interests in

Presenting a live 90-minute webinar with interactive Q&amp;A Perfecting Security Interests in

Presenting a live 90-minute webinar with interactive Q&amp;A Perfecting Security Interests in Deposit Accounts, Securities Accounts and Other Investment Property Establishing Control Under the UCC to Perfect Security Interests in Special

784 views • 64 slides
that it is not sufficient to preserve security in outer space. Via the UN General Assembly

that it is not sufficient to preserve security in outer space. Via the UN General Assembly

Prospects for Progress on Space Security Diplomacy Presentation by Paul Meyer Senior Fellow, The Simons Foundation Space Security Index side event Tracking Space Security: Are We Ready to Go Live? held during the United Nations General

229 views • 3 slides
Water Infrastructure Improvements in Highland Park Highland Park Community Council June 21, 2020

Water Infrastructure Improvements in Highland Park Highland Park Community Council June 21, 2020

Water Infrastructure Improvements in Highland Park Highland Park Community Council June 21, 2020 1 AGENDA Introduction and Purpose COVID-19 Impacts Highland I Reservoir Parapet Wall Security Improvements Rising Main and Pump

354 views • 9 slides
IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst

IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst

#RSAC SESSION ID: SESSION ID: SBX2-R3 IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst Independent Security Evaluators (ISE) Independent Security Evaluators (ISE) @rramgatie @omerfar23 #RSAC

924 views • 43 slides
Offic e r I nvo lve d Bla c k live s ma tte r, Blue live s ma tte r, All live s ma tte r

Offic e r I nvo lve d Bla c k live s ma tte r, Blue live s ma tte r, All live s ma tte r

APNA 30th Annual Conference Session 3046: October 21, 2016 Assumptio ns T his to pic c a n b ring up a lo t o f e mo tio ns Offic e r I nvo lve d Bla c k live s ma tte r, Blue live s ma tte r, All live s ma tte r Altho ug h the

328 views • 8 slides
Yaos Garbled Circuits Recent Directions and Implementations Pete Snyder Outline 1. Context

Yaos Garbled Circuits Recent Directions and Implementations Pete Snyder Outline 1. Context

Yaos Garbled Circuits Recent Directions and Implementations Pete Snyder Outline 1. Context 2. Security definitions 3. Oblivious transfer 4. Yaos original protocol 5. Security improvements 6. Performance improvements 7.

1.05k views • 73 slides
+ Continues Improvements Outcome Measures &amp; Surveys Security &amp; Privacy Considerations

+ Continues Improvements Outcome Measures &amp; Surveys Security &amp; Privacy Considerations

Bounce back Seminar 9/11/2015 Harnessing technology and Pres esen entatio ion Ov Over ervi view exercise intervention to optimise patient outcomes Technology &amp; Work Flow + Continues Improvements Outcome Measures &amp; Surveys

86 views • 5 slides
Who Benefited From Transportation Improvements? Weve seen that many of the transportation

Who Benefited From Transportation Improvements? Weve seen that many of the transportation

Who Benefited From Transportation Improvements? Weve seen that many of the transportation improvements led to major reductions in shipping costs but didnt necessarily lead to big profits for investors If transportation improvements were so

609 views • 40 slides
Bike Security Task Force Update JPB Citizens Advisory Committee September 19, 2018 Agenda Item

Bike Security Task Force Update JPB Citizens Advisory Committee September 19, 2018 Agenda Item

Bike Security Task Force Update JPB Citizens Advisory Committee September 19, 2018 Agenda Item 9 Presentation Outline Interdepartmental Effort Data Gathering &amp; Improvements Improvements Key Complete Near-term Long-term 2

333 views • 11 slides
Industry Information Live Beskyt produktiviteten med Industrial Security

Industry Information Live Beskyt produktiviteten med Industrial Security

Industry Information Live Beskyt produktiviteten med Industrial Security www.siemens.dk/di-webinarer Dagens vrter Morten Kromann Technology Specialist Lars Peter Hansen Per Christiansen Technology Specialist Manager Q&amp;A Jesper

905 views • 73 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (June 14, 2000 4:18 pm) I E S R

UMBC A B M A L T F O U M B C I M Y O R T 1 (June 14, 2000 4:18 pm) I E S R

Advanced Computer Architecture Chapter 1 (Part I) CMSC 611 Course Summary Improvements in CPU performance a result of: Technology enhancements (already discussed). Improvements in computer architecture: Innovations Improvements

415 views • 13 slides
Presenting a live 90-minute webinar with interactive Q&amp;A Perfecting Security Interests in

Presenting a live 90-minute webinar with interactive Q&amp;A Perfecting Security Interests in

Presenting a live 90-minute webinar with interactive Q&amp;A Perfecting Security Interests in Deposit Accounts, Securities Accounts and Other Investment Property Establishing Control Under the UCC with Special Types of Collateral THURSDAY,

1.33k views • 65 slides
MARIA reactor safety im improvements and research capacity im improvements M. Lipka, M .

MARIA reactor safety im improvements and research capacity im improvements M. Lipka, M .

MARIA reactor safety im improvements and research capacity im improvements M. Lipka, M . Tarchalski, M. Gryziski, G. Krzysztoszek, J.Jaroszewicz, K. Pytel, R. Prokopowicz, 3-7 December 2017,18th IGORR, Sydney, Australia National Centre

449 views • 29 slides
Improvements Developed during the IEA SHC Task 54 Technical Improvements Dr. Alexander Thr 1

Improvements Developed during the IEA SHC Task 54 Technical Improvements Dr. Alexander Thr 1

Improvements Developed during the IEA SHC Task 54 Technical Improvements Dr. Alexander Thr 1 Dr. Federico Giovannetti 2 Dr. Stephan Fischer 3 1 University Innsbruck, Austria 2 ISFH, Germany 3 IGTE, Germany ISEC 2018 Graz, Austria 19 September

654 views • 19 slides
Urban Water Security Research Alliance Urban Creeks in SEQ - can bugs live anywhere? Role of

Urban Water Security Research Alliance Urban Creeks in SEQ - can bugs live anywhere? Role of

Urban Water Security Research Alliance Urban Creeks in SEQ - can bugs live anywhere? Role of habitat and hydrology Fran Sheldon Stormwater Harvesting and Ecohydrology Science Forum, 19-20 June 2012 CONCEPTUAL MODEL Urbanisation Changed

373 views • 20 slides
CSP Is Dead, Long Live Strict CSP! Lukas Weichselbaum About Us Lukas Weichselbaum Michele

CSP Is Dead, Long Live Strict CSP! Lukas Weichselbaum About Us Lukas Weichselbaum Michele

CSP Is Dead, Long Live Strict CSP! Lukas Weichselbaum About Us Lukas Weichselbaum Michele Spagnuolo Senior Information Security Senior Information Security Engineer Engineer We work in a special focus area of the Google security team aimed

553 views • 37 slides
SR 39 Im Improvements in in Martinsville Public Information Meeting May 13, 2019 WHY ARE WE

SR 39 Im Improvements in in Martinsville Public Information Meeting May 13, 2019 WHY ARE WE

SR 39 Im Improvements in in Martinsville Public Information Meeting May 13, 2019 WHY ARE WE HERE TODAY? Communicate information about SR 39 Improvements including Purpose Design Elements Schedule 2 LOCAL IMPROVEMENTS

424 views • 16 slides

More recommend