[LONG SHOT] Modify backdoored ISO to trust malicious PGP keys
Opened this issue · 0 comments
hackers-terabit commented
The title says it all, as far as I can tell, outside of the bsd's only rpm and deb distros have GPG signed hash/package-tree/package.
We can either insert an additional fully trusted fingerprint/key or find a collision with existing short fingerprints and try to mitm any HKP:// refreshes done.