Recently I updated my OS since my Parrot device was sitting around alone for a while. Noticed something.
While most programs were being updated over a (assumably) secure channel (https://url), a few were being updated over http, which raised a concern of MITM manipulation attacks. I'm not sure if there are any countermeasures like auto-checking the hashes/checksums of downloaded (or upgraded) files after update. Or if it's just a blank “MITM depends on your luck lol” kinda thing.
Here are a few snapshots of what I'm referring to:
A few domains like kartolo(dot)sby(dot)datautama(dot)net(dot)id are shown in the snap that transfer data over http rather than https.
Looking forward to some sort of patch.