Microsoft Takeover of GNU/Linux Machines by Debian/APT
Skype's Debian Package Could Allow Attackers To Completely Takeover Machines
Security researcher Enrico Weigelt uncovered a critical security issue in the way Skype installs itself on Debian Linux machines, adding its Microsoft's APT repository in the system's sources.list file.
Skype's Debian package uses an APT configuration profile which automatically inserts Microsoft's apt repository to the default system package sources which would allow anyone with access to it to hypothetically use malicious tools to compromise the machine.
In layman's terms, APT repositories are collections of .deb packages used as the central storage, management and delivery platform for all Debian-based Linux machines.
The APT repositories can be used to install, remove, or update applications on a Debian machine with the help of the apt-get command.
Apt Repositories: Goodbye Aptly, Welcome RepRepro
I have been using aptly for several years publishing all kinds of repositories for different developments. The other day, when I wanted to update my calibre repository (see previous post) I realized that aptly cannot sign anything anymore. Huuu…
