[TriLUG] Fwd: OpenSSH Security Advisory: Trojaned Distribution Files

Dan Chen crimsun at email.unc.edu
Thu Aug 1 17:48:20 EDT 2002


On Thu, Aug 01, 2002 at 12:42:29PM -0400, John Broome wrote:
> ----- Original Message -----
> From: "Mike Mueller" <mjm-58 at mindspring.com>
> 
> 
> > On Thursday 01 August 2002 12:11, Brian Daniels reputedly wrote:
> > Would the problem have been caught if the MD5s were checked, or were the
> > checksums compromised as well?  If the checksums were compromised, then
> can
> > anything anywhere be trusted?
> 
> 
> From what I saw on slashdot today the MD5's were different.

Yup. There are any number of methods that can alleviate but not
altogether strongly ensure that nothing has been mucked with. I
personally pour through the source of any daemon looking for such
"compromises" prior to building and installing on my machines.

-- 
Dan Chen                 crimsun at email.unc.edu
GPG key:   www.unc.edu/~crimsun/pubkey.gpg.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20020801/99c3781d/attachment.pgp>


More information about the TriLUG mailing list