[ale] ! Openssh package trojaned...
Jonathan Rickman
jonathan at xcorps.net
Thu Aug 1 10:42:53 EDT 2002
On Thu, 1 Aug 2002, John Wells wrote:
> This brings to mind a question I've had for awhile now.
> Many sites provide md5 files in addition to a tarball so you can run
> md5sum on the tarball and compare the hash. What prevents some hax0r from
> posting a fake md5 file when they compromise a tarball, so the sums will
> match?
I've never really trusted MD5 checksums totally, mainly because I don't
have a really good grasp of what's happening either. However, they are
useful for quick identification purposes, as I pointed out earlier.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list