[ale] ! Openssh package trojaned...
jenn at colormaria.com
jenn at colormaria.com
Thu Aug 1 10:43:36 EDT 2002
> On Thu, 1 Aug 2002, John Wells wrote:
>
>> This brings to mind a question I've had for awhile now.
>> Many sites provide md5 files in addition to a tarball so you can run
>> md5sum on the tarball and compare the hash. What prevents some hax0r
>> from posting a fake md5 file when they compromise a tarball, so the
>> sums will match?
>
>
Absolutely nothing prevents an unethical entity from creating a checksum
on their trojan'd software and posting it. This is why it's crucial to
trust the places you download your software. Same as the old email virus
warning -- don't open it unless you know what it is. :)
jenn
paranoid freak
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list