[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] ! Openssh package trojaned...

Subject: [ale] ! Openssh package trojaned...
From: jonathan.glass at ibb.gatech.edu (Jonathan Glass)
Date: Thu, 01 Aug 2002 11:13:17 -0400

At 10:32 AM 8/1/2002 -0500, John Wells wrote:
>This brings to mind a question I've had for awhile now.
>Many sites provide md5 files in addition to a tarball so you can run
>md5sum on the tarball and compare the hash.  What prevents some hax0r from
>posting a fake md5 file when they compromise a tarball, so the sums will
>match?

You don't apply the immutable flag to those files?


> >From what little I know about FreeBSD, it seems that ports allowed this
>bogus package to be spotted.  I assume this would not be the case on
>linux.  So what good is an md5 file anyway?  I'm probably missing
>something here...
>
>Thanks,
>
>John


Jonathan Glass, RHCE, Linux+, Network+, A+, MCP
Systems Support Specialist II
Institute for Bioengineering and Bioscience/BME
Georgia Institute of Technology
Voice: 404-385-0127
E-mail: jonathan.glass at ibb.gatech.edu


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

Prev by Date: [ale] du
Next by Date: [ale] RH 7.3 / afterstep install
Previous by thread: [ale] ! Openssh package trojaned...
Next by thread: [ale] ! Openssh package trojaned...
Index(es):
- Date
- Thread