[juneau-lug] Re: MD5 Sums

• From: Kevin Miller <Kevin_Miller@xxxxxxxxxxxxxxx>
• To: "'juneau-lug@xxxxxxxxxxxxx'" <juneau-lug@xxxxxxxxxxxxx>
• Date: Fri, 15 Nov 2002 11:06:38 -0900

How timely.  That's something that I thought would be a good thing to show
at the meeting.  I'm sure it's simple as pie, and fast too, but it's one of
those things that I've never taken the time to look up.  There's probably a
number of other newcomers to Linux that would benefit from some basic tips
and pointers, too.  In this fast-food world, I'm sure there's a lot of
simple, little things that just don't get done because Linux is an OS that
comes with homework, and they just get put on the backburner...

...Kevin
-------------------
Kevin Miller 
CBJ MIS Dept.               Network Systems Administrator, Mail
Administrator
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500
 

>-----Original Message-----
>From: James Zuelow [mailto:jamesz@xxxxxxxxxxxxxxxx]
>Sent: Friday, November 15, 2002 8:39 AM
>To: juneau-lug@xxxxxxxxxxxxx
>Subject: [juneau-lug] MD5 Sums
>
>
>
>I'm sure that most of you have heard about the trojans added to the
>tcpdump downloads, as well as the similar events with OpenSSH & other
>tools.
>
>If you don't know what I'm talking about, here's a link:
>
>http://www.cert.org/advisories/CA-2002-30.html
>
>If you read through the link you'll see a reference to HLUG.  HLUG is
>the Houston Linux Users Group, and they posted a warning when one of
>their members noticed that the MD5 sums for his download were different
>from the posted ones.
>
>I know that I do a lot of software downloading - both source code and
>binary files.  I also know that I'm kind of lax in checking 
>the MD5 sums
>when I'm done.  The habit of trusting a download because I trust the
>source is something that I'm trying to break.  It comes from many years
>of clicking the "always trust content from Microsoft" check box when
>visiting Windows Update...
>
>So just a little reminder - especially for new users or if you're
>downloading things for work - is to check those MD5 sums.  The chances
>of someone compromising both the ftp server AND the web server for a
>large project is pretty slim.  And if you check the MD5 sums 
>on both the
>main page and several mirrors you'll have another layer of 
>protection as
>well.
>
>Cheers,
>
>James
>
>
>------------------------------------
>This is the Juneau-LUG mailing list.
>To unsubscribe, send an e-mail to 
>juneau-lug-request@xxxxxxxxxxxxx with the word unsubscribe in 
>the subject header..
>

------------------------------------
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.

Other related posts:

• » [juneau-lug] MD5 Sums
• » [juneau-lug] Re: MD5 Sums

1. Home
2. juneau-lug
3. Archive
4. 11-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---