Hey Tim! Where didya download these from? :) I know there is a way to generate and compare the checksums for the CDs, but I don't know the details. Can somebody give us a quick overview? I assume that merely passing the checksum test does not _guarantee_ the files weren't tampered with, though it is easy to check.
John Hebert --- Shannon Roddy <[EMAIL PROTECTED]> wrote: > BE CAREFUL with those 7.2 CD's... Read below. > > Shannon > > -----Forwarded Message----- > > > From: Terry Doub <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Subject: NIPC Alert > > Date: 25 Oct 2001 13:53:47 -0500 > > > > The latest online update of Red Hat Linux, also > known by its code name, > > "Enigma," which was released 23 October, could > have been tampered with by > > attackers, a security expert warned. Copies of > Red Hat Linux 7.2 > > available from some download sites were not > digitally signed by the > > developer, Red Hat Inc., according to Kurt > Seifried, author of an online > > book entitled "Linux Administrator's Security > Guide." "Either Red Hat did > > not sign these packages, or someone subverted the > distribution process > > before the files got to various sites," said > Seifried in a security > > advisory issued 23 October. Without such > signatures, "it becomes trivial > > for an attacker to replace packages on a > distribution site with no one > > being able to easily verify that they have been > subverted," said > > Seifried's advisory. A Red Hat spokesperson said > the company was studying > > the security report. > > (Source: Newsbytes, 23 October) > ================================================ > BRLUG - The Baton Rouge Linux User Group > Visit http://www.brlug.net for more information. > Send email to [EMAIL PROTECTED] to change > your subscription information. > ================================================ __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com ================================================ BRLUG - The Baton Rouge Linux User Group Visit http://www.brlug.net for more information. Send email to [EMAIL PROTECTED] to change your subscription information. ================================================
