How can we tell if the iso's have been tampered with? They could replace packages in them? You mean, instead of 7.2 I could actually be installing something dangerous....like XP? Let me know. Jeff
----- Original Message ----- From: "Shannon Roddy" <[EMAIL PROTECTED]> To: "Baton Rouge Linux Users Group" <[EMAIL PROTECTED]> Sent: Thursday, October 25, 2001 11:46 PM Subject: [brluglist] [Fwd: NIPC Alert] > BE CAREFUL with those 7.2 CD's... Read below. > > Shannon > > -----Forwarded Message----- > > > From: Terry Doub <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Subject: NIPC Alert > > Date: 25 Oct 2001 13:53:47 -0500 > > > > The latest online update of Red Hat Linux, also known by its code name, > > "Enigma," which was released 23 October, could have been tampered with by > > attackers, a security expert warned. Copies of Red Hat Linux 7.2 > > available from some download sites were not digitally signed by the > > developer, Red Hat Inc., according to Kurt Seifried, author of an online > > book entitled "Linux Administrator's Security Guide." "Either Red Hat did > > not sign these packages, or someone subverted the distribution process > > before the files got to various sites," said Seifried in a security > > advisory issued 23 October. Without such signatures, "it becomes trivial > > for an attacker to replace packages on a distribution site with no one > > being able to easily verify that they have been subverted," said > > Seifried's advisory. A Red Hat spokesperson said the company was studying > > the security report. > > (Source: Newsbytes, 23 October) > ================================================ > BRLUG - The Baton Rouge Linux User Group > Visit http://www.brlug.net for more information. > Send email to [EMAIL PROTECTED] to change > your subscription information. > ================================================ ================================================ BRLUG - The Baton Rouge Linux User Group Visit http://www.brlug.net for more information. Send email to [EMAIL PROTECTED] to change your subscription information. ================================================
