This is a multi-part message in MIME format.
------=_NextPart_000_0019_01C15E3C.258F94E0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
RE: [brluglist] [Fwd: NIPC Alert]If anyone has a problem checking an =
MD5sum then go here: http://www.linuxiso.org/md5sum.html
----- Original Message -----=20
From: Kevin Bucknum=20
To: '[EMAIL PROTECTED]'=20
Sent: Friday, October 26, 2001 12:45 PM
Subject: RE: [brluglist] [Fwd: NIPC Alert]
grrr - outlook and exchange are evil - I can't force this bastard to =
post in plain text.
-----Original Message-----
From: Kevin Bucknum [mailto:[EMAIL PROTECTED]
Sent: Friday, October 26, 2001 12:34 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [brluglist] [Fwd: NIPC Alert]
Check your iso's with md5sum against Redhat's published results from =
here=20
ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/iso/i386/MD5SUM=20
-----Original Message-----=20
From: Jeff Crosby [mailto:[EMAIL PROTECTED]
Sent: Friday, October 26, 2001 12:14 PM=20
To: [EMAIL PROTECTED]
Subject: Re: [brluglist] [Fwd: NIPC Alert]=20
How can we tell if the iso's have been tampered with? They could =
replace=20
packages in them? You mean, instead of 7.2 I could actually be =
installing=20
something dangerous....like XP? Let me know. Jeff=20
----- Original Message -----=20
From: "Shannon Roddy" <[EMAIL PROTECTED]>=20
To: "Baton Rouge Linux Users Group" <[EMAIL PROTECTED]>=20
Sent: Thursday, October 25, 2001 11:46 PM=20
Subject: [brluglist] [Fwd: NIPC Alert]=20
> BE CAREFUL with those 7.2 CD's... Read below.=20
>=20
> Shannon=20
>=20
> -----Forwarded Message-----=20
>=20
> > From: Terry Doub <[EMAIL PROTECTED]>=20
> > To: [EMAIL PROTECTED]
> > Subject: NIPC Alert=20
> > Date: 25 Oct 2001 13:53:47 -0500=20
> >=20
> > The latest online update of Red Hat Linux, also known by its =
code name,=20
> > "Enigma," which was released 23 October, could have been =
tampered with=20
by=20
> > attackers, a security expert warned. Copies of Red Hat Linux =
7.2=20
> > available from some download sites were not digitally signed by =
the=20
> > developer, Red Hat Inc., according to Kurt Seifried, author of =
an=20
online=20
> > book entitled "Linux Administrator's Security Guide." "Either =
Red Hat=20
did=20
> > not sign these packages, or someone subverted the distribution =
process=20
> > before the files got to various sites," said Seifried in a =
security=20
> > advisory issued 23 October. Without such signatures, "it =
becomes=20
trivial=20
> > for an attacker to replace packages on a distribution site with =
no one=20
> > being able to easily verify that they have been subverted," =
said=20
> > Seifried's advisory. A Red Hat spokesperson said the company =
was=20
studying=20
> > the security report.=20
> > (Source: Newsbytes, 23 October)=20
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
> BRLUG - The Baton Rouge Linux User Group=20
> Visit http://www.brlug.net for more information.=20
> Send email to [EMAIL PROTECTED] to change=20
> your subscription information.=20
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
BRLUG - The Baton Rouge Linux User Group=20
Visit http://www.brlug.net for more information.=20
Send email to [EMAIL PROTECTED] to change=20
your subscription information.=20
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
------=_NextPart_000_0019_01C15E3C.258F94E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>RE: [brluglist] [Fwd: NIPC Alert]</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4616.200" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>If anyone has a problem checking an =
MD5sum then go=20
here: http://www.linuxiso.org/md5sum.html</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV=20
style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20
<A [EMAIL PROTECTED]
href=3D"mailto:[EMAIL PROTECTED]">Kevin Bucknum</A> </DIV>
<DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =
[EMAIL PROTECTED]
href=3D"mailto:'[EMAIL PROTECTED]'">'[EMAIL PROTECTED]'</A> </DIV>
<DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Friday, October 26, 2001 =
12:45=20
PM</DIV>
<DIV style=3D"FONT: 10pt arial"><B>Subject:</B> RE: [brluglist] [Fwd: =
NIPC=20
Alert]</DIV>
<DIV><BR></DIV>
<DIV><SPAN class=3D670114217-26102001><FONT face=3DArial =
color=3D#0000ff size=3D2>grrr=20
- outlook and exchange are evil - I can't force this bastard to post =
in plain=20
text.</FONT></SPAN></DIV>
<BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =
face=3DTahoma=20
size=3D2>-----Original Message-----<BR><B>From:</B> Kevin Bucknum=20
[mailto:[EMAIL PROTECTED]<BR><B>Sent:</B> Friday, October =
26, 2001=20
12:34 PM<BR><B>To:</B> <A=20
=
href=3D"mailto:'[EMAIL PROTECTED]'">'[EMAIL PROTECTED]'</A><BR><B>Sub=
ject:</B>=20
RE: [brluglist] [Fwd: NIPC Alert]<BR><BR></FONT></DIV>
<P><FONT size=3D2>Check your iso's with md5sum against Redhat's =
published=20
results from here</FONT> <BR><FONT size=3D2><A target=3D_blank=20
=
href=3D"ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/iso/i386/MD5SUM">ftp=
://ftp.redhat.com/pub/redhat/linux/7.2/en/iso/i386/MD5SUM</A></FONT>=20
</P>
<P><FONT size=3D2>-----Original Message-----</FONT> <BR><FONT =
size=3D2>From:=20
Jeff Crosby [<A=20
=
href=3D"mailto:[EMAIL PROTECTED]">mailto:[EMAIL PROTECTED]</A>]</FONT>=20
<BR><FONT size=3D2>Sent: Friday, October 26, 2001 12:14 PM</FONT> =
<BR><FONT=20
size=3D2>To: [EMAIL PROTECTED]</FONT> <BR><FONT size=3D2>Subject: =
Re:=20
[brluglist] [Fwd: NIPC Alert]</FONT> </P><BR>
<P><FONT size=3D2>How can we tell if the iso's have been tampered =
with? =20
They could replace</FONT> <BR><FONT size=3D2>packages in them? =
You mean,=20
instead of 7.2 I could actually be installing</FONT> <BR><FONT=20
size=3D2>something dangerous....like XP? Let me know. =
Jeff</FONT>=20
</P>
<P><FONT size=3D2>----- Original Message -----</FONT> <BR><FONT =
size=3D2>From:=20
"Shannon Roddy" <[EMAIL PROTECTED]></FONT> <BR><FONT=20
size=3D2>To: "Baton Rouge Linux Users Group"=20
<[EMAIL PROTECTED]></FONT> <BR><FONT size=3D2>Sent: =
Thursday, October=20
25, 2001 11:46 PM</FONT> <BR><FONT size=3D2>Subject: [brluglist] =
[Fwd: NIPC=20
Alert]</FONT> </P><BR>
<P><FONT size=3D2>> BE CAREFUL with those 7.2 CD's... Read =
below.</FONT>=20
<BR><FONT size=3D2>></FONT> <BR><FONT size=3D2>> =
Shannon</FONT> <BR><FONT=20
size=3D2>></FONT> <BR><FONT size=3D2>> -----Forwarded =
Message-----</FONT>=20
<BR><FONT size=3D2>></FONT> <BR><FONT size=3D2>> > From: =
Terry Doub=20
<[EMAIL PROTECTED]></FONT> <BR><FONT size=3D2>> > To:=20
[EMAIL PROTECTED]</FONT> <BR><FONT size=3D2>> > =
Subject: NIPC=20
Alert</FONT> <BR><FONT size=3D2>> > Date: 25 Oct 2001 13:53:47 =
-0500</FONT> <BR><FONT size=3D2>> ></FONT> <BR><FONT =
size=3D2>> >=20
The latest online update of Red Hat Linux, also known by its =
code=20
name,</FONT> <BR><FONT size=3D2>> > "Enigma," which was =
released 23=20
October, could have been tampered with</FONT> <BR><FONT=20
size=3D2>by</FONT> <BR><FONT size=3D2>> > attackers, a =
security expert=20
warned. Copies of Red Hat Linux 7.2</FONT> <BR><FONT =
size=3D2>>=20
> available from some download sites were not digitally =
signed by=20
the</FONT> <BR><FONT size=3D2>> > developer, Red Hat Inc., =
according to=20
Kurt Seifried, author of an</FONT> <BR><FONT =
size=3D2>online</FONT>=20
<BR><FONT size=3D2>> > book entitled "Linux Administrator's=20
Security Guide." "Either Red Hat</FONT> <BR><FONT=20
size=3D2>did</FONT> <BR><FONT size=3D2>> > not sign these =
packages, or=20
someone subverted the distribution process</FONT> <BR><FONT=20
size=3D2>> > before the files got to various sites," =
said Seifried=20
in a security</FONT> <BR><FONT size=3D2>> > advisory issued 23 =
October. Without such signatures, "it becomes</FONT> =
<BR><FONT=20
size=3D2>trivial</FONT> <BR><FONT size=3D2>> > for an attacker =
to=20
replace packages on a distribution site with no one</FONT> =
<BR><FONT=20
size=3D2>> > being able to easily verify that they have =
been=20
subverted," said</FONT> <BR><FONT size=3D2>> > Seifried's=20
advisory. A Red Hat spokesperson said the company =
was</FONT>=20
<BR><FONT size=3D2>studying</FONT> <BR><FONT size=3D2>> > the=20
security report.</FONT> <BR><FONT size=3D2>> > (Source: =
Newsbytes,=20
23 October)</FONT> <BR><FONT size=3D2>>=20
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FO=
NT> <BR><FONT=20
size=3D2>> BRLUG - The Baton Rouge Linux User Group</FONT> =
<BR><FONT=20
size=3D2>> Visit <A target=3D_blank=20
href=3D"http://www.brlug.net">http://www.brlug.net</A> for more=20
information.</FONT> <BR><FONT size=3D2>> Send email to =
[EMAIL PROTECTED]
to change</FONT> <BR><FONT size=3D2>> your subscription =
information.</FONT>=20
<BR><FONT size=3D2>>=20
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FO=
NT> </P>
<P><FONT =
size=3D2>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D</FONT>=20
<BR><FONT size=3D2>BRLUG - The Baton Rouge Linux User Group</FONT> =
<BR><FONT=20
size=3D2>Visit <A target=3D_blank=20
href=3D"http://www.brlug.net">http://www.brlug.net</A> for more=20
information.</FONT> <BR><FONT size=3D2>Send email to =
[EMAIL PROTECTED] to=20
change</FONT> <BR><FONT size=3D2>your subscription =
information.</FONT>=20
<BR><FONT =
size=3D2>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D</FONT>=20
</P></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0019_01C15E3C.258F94E0--
================================================
BRLUG - The Baton Rouge Linux User Group
Visit http://www.brlug.net for more information.
Send email to [EMAIL PROTECTED] to change
your subscription information.
================================================