[TriLUG] Fwd: Trust issues with RH and Debian package managers

Fred Stutzman stutzman at email.unc.edu
Mon Dec 17 18:18:38 EST 2001


> As a matter of comparison, my Windows 2000 box has no such vulnerability.
> The first time I went to Windows Update, I checked the box that said
> "always trust content from Microsoft Corporation."  Therefore, only
> Microsoft's real certificate will be accepted by my machine.  Even if the
> FBI forces Verisign to issue an impostor certificate, it will be detected
> and thwarted.

Wasn't there a message across bugtraq earlier this year about crackers
getting their hands on certificates signed by M$ft's CA?  Was that back
orifice or SP2 I just installed?  Noone's safe from the FBI.




More information about the TriLUG mailing list