[juneau-lug] MD5 Sums

  • From: "James Zuelow" <jamesz@xxxxxxxxxxxxxxxx>
  • To: <juneau-lug@xxxxxxxxxxxxx>
  • Date: Fri, 15 Nov 2002 09:39:26 -0800

I'm sure that most of you have heard about the trojans added to the
tcpdump downloads, as well as the similar events with OpenSSH & other
tools.

If you don't know what I'm talking about, here's a link:

http://www.cert.org/advisories/CA-2002-30.html

If you read through the link you'll see a reference to HLUG.  HLUG is
the Houston Linux Users Group, and they posted a warning when one of
their members noticed that the MD5 sums for his download were different
from the posted ones.

I know that I do a lot of software downloading - both source code and
binary files.  I also know that I'm kind of lax in checking the MD5 sums
when I'm done.  The habit of trusting a download because I trust the
source is something that I'm trying to break.  It comes from many years
of clicking the "always trust content from Microsoft" check box when
visiting Windows Update...

So just a little reminder - especially for new users or if you're
downloading things for work - is to check those MD5 sums.  The chances
of someone compromising both the ftp server AND the web server for a
large project are pretty slim.  And if you check the MD5 sums on both the
main page and several mirrors you'll have another layer of protection as
well.

Cheers,

James
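
Added example, not part of the original post: one way to run the check described above, comparing a download's digest against checksum listings collected from more than one source (for instance the project page and a mirror). The file name, source labels and sample data are constructed for illustration; the algorithm defaults to MD5 as in the post.

```python
import hashlib
import os
import tempfile

def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash the file in chunks so large tarballs are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_sums(text, filename):
    """Return the digest listed for filename in md5sum-style text, or None."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        # md5sum writes "<digest>  <name>" or "<digest> *<name>" (binary mode)
        if len(parts) == 2 and parts[1].lstrip("*").strip() == filename:
            return parts[0].lower()
    return None

def check_download(path, published, algorithm="md5"):
    """published maps a source label to the checksum text obtained from it.
    Returns (ok, report); ok only if every source lists the file and matches."""
    actual = file_digest(path, algorithm)
    name = os.path.basename(path)
    report = {}
    for source, text in published.items():
        expected = parse_sums(text, name)
        if expected is None:
            report[source] = "missing"
        else:
            report[source] = "match" if expected == actual else "MISMATCH"
    ok = bool(report) and all(v == "match" for v in report.values())
    return ok, report

def demo():
    """Constructed sample: a stand-in tarball and two checksum listings."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-1.0.tar.gz")
        with open(path, "wb") as f:
            f.write(b"constructed sample contents\n")
        good = file_digest(path)
        published = {
            "project web page": f"{good}  example-1.0.tar.gz\n",
            "mirror": f"{'0' * 32} *example-1.0.tar.gz\n",  # disagrees
        }
        return check_download(path, published)

if __name__ == "__main__":
    print(demo())
```

A "missing" or "MISMATCH" entry from any one source fails the whole check, so a listing that disagrees with the others is surfaced rather than outvoted.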

