Causing illegitimate updates to be made. Examples include
sending a forged update disk containing attack code to a victim,
interrupting the normal distribution channel and introducing an
intentionally flawed distribution tape to be delivered, and substituting a
false update disk for a real one at the vendor or customer site.
Complexity: This attack appears to be easily carried out against many
installations and examples have shown that even well-trained and adequately
briefed employees fail to prevent such an attack. In cases where relatively
secure distribution techniques are used, the complexity may be driven up,
but more often than not, the addition of a disk will bypass even this sort
of process.
fc@red.a.net