So the new Ubuntu came out (11.10) (well done!) and I decided to play with the new Ubuntu store software manager program. So it turns out that previously a bug was reported saying that "Single sign on page doesn't look secure", https://bugs.launchpad.net/ubuntu/+source/software-center/+bug/637649, well... guess what? It isn't "secure tm".
I placed an entry in /etc/hosts to redirect login.ubuntu.com to the address of an ISP and attempted to "buy a piece of software" via the Ubuntu Software Center ... well, instead of viewing the login.ubuntu.com page I got the ISP's web page ...
I haven't reviewed the code yet, but I doubt the code is doing sufficient SSL validation ...
tl;dr: this is a bad thing because users who expect to log in to Ubuntu safely (with SSL :) ) and buy software are at risk.
I need to confirm / check if this will give $man in the middle the ability to get remote code execution. From a quick review of the source code, it looks like this is possible ... (see softwarecenter/ui/gtk3/views/purchaseview.py).