December 8, 2021
Debian’s package manager apt has a time-tested method of securely providing packages from the network built on OpenPGP signatures. Even though …
May 6, 2020
As part of the Tracking the Trackers project, we are inspecting thousands of Android apps to see what kinds of tracking we can find. We are looking at …
January 23, 2019
There is a new vulnerability in Debian’s apt that allows anything that can Man-in-the-Middle (MITM) your traffic to get root on your Debian/Ubuntu/etc …
March 13, 2017
In Debian stretch, the upcoming new release, it is now possible to build Android apps using only packages from Debian. This will provide all of the …
July 31, 2016
Following up on some privacy leaks that we looked into a while back, there are now official Debian Tor Onion Services for getting software packages …
June 2, 2016
App stores can work well without any tracking at all Attackers are increasingly seeing app stores as a prime attack vector, whether it is aimed at the …
April 30, 2015
As part of Debian’s project in Google Summer of Code, I’ll be working with two students, Kai-Chung Yan and Komal Sukhani, and another mentor from the …
October 16, 2014
Update: now you can do this with Tor Onion Services Many software update systems use code signing to ensure that only the correct software is …
November 5, 2013
(This blog post as now been cooked into an updated HOWTO) The Google Play Store for Android is not available in all parts of the world, US law …
October 31, 2013
There is currently a discussion underway on the Debian-security list about adding TLS and Tor functionality to the official repositories (repos) of …