Re: GNU software compromised : Cert Advisory
From: Jem Berkes (jb_at_users.pc9.org)
Date: 08/15/03
- Next message: fwxpqargv_at_hjqtgo.com.lx: "Re: Linux firewall on P166"
- Previous message: /dev/rob0: "Re: Linux firewall on P166"
- In reply to: Alan Connor: "Re: GNU software compromised : Cert Advisory"
- Next in thread: Keith: "Re: GNU software compromised : Cert Advisory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 15 Aug 2003 05:39:40 GMT
> Am I understanding this correctly? All anyone has to do to evade this
> cracker's work is to check the md5 sums?
I think what's happening is: the FSF already has known good md5sums for
most of the files on their FTP site. By comparing the current files' hashes
against the known good lists, they can confirm that those files have not
been tampered with.
The FSF is also seeking md5sums for files that they _did_not_ have records
of. They are unsure whether these files have been modified.
So this business about md5 sums is the FSF verifying the integrity of their
previously compromised FTP site, to make sure nothing was altered.
- Next message: fwxpqargv_at_hjqtgo.com.lx: "Re: Linux firewall on P166"
- Previous message: /dev/rob0: "Re: Linux firewall on P166"
- In reply to: Alan Connor: "Re: GNU software compromised : Cert Advisory"
- Next in thread: Keith: "Re: GNU software compromised : Cert Advisory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
