Hi,

  I'm currently downloading the 4.6 BSD ISO images. Does this mean that
if the date of the md5sum file on the server I'm downloading from was modified
on or later than July 30, then the image might be compromised? Or does
the trojan only affect the individual OpenSSH packages at the FTP sites?

  I know it's probably a stupid question, but I want to have confirmation.

ciao!

Joon Guillen wrote:
> 
<snip>
> 
> Verify MD5 checksums
> 
>    You can use the following MD5 checksums to verify the integrity of
>    your OpenSSH source code distribution:
>    Correct versions:
> 
>      459c1d0262e939d6432f193c7a4ba8a8 openssh-3.4p1.tar.gz
>      d5a956263287e7fd261528bb1962f24c openssh-3.4p1.tar.gz.sig
>      39659226ff5b0d16d0290b21f67c46f2 openssh-3.4.tgz
>      9d3e1e31e8d6cdbfa3036cb183aa4a01 openssh-3.2.2p1.tar.gz
>      be4f9ed8da1735efd770dc8fa2bb808a openssh-3.2.2p1.tar.gz.sig
> 
>    At least one version of the modified Trojan horse distributions was
>    reported to have the following checksum:
>    Trojan horse version:
> 
>      3ac9bc346d736b4a51d676faa2a08a57 openssh-3.4p1.tar.gz
> 
> Verify PGP signature
> 
>    Additionally, distributions of the portable release of OpenSSH are
>    distributed with detached PGP signatures. Note that the Trojan horse
>    versions were not signed correctly, and attempts to verify the
>    signatures would have failed.
> 
>    As a matter of good security practice, the CERT/CC encourages users to
>    verify, whenever possible, the integrity of downloaded software. For
>    more information, see
> 
>           http://www.cert.org/incident_notes/IN-2001-06.html
> 
<snip>

-- 

"Programming, an artform that fights back."

=============================
Anuerin G. Diaz
Design Engineer
Millennium Software, Incorporated
2305 B West Tower, Philippines Stocks Exchange Center,
Exchange Road, Ortigas Center, Pasig City

Tel# 637-4634 loc. 75
Fax# 637-4679

Registered Linux User #246176
=============================
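
The checksum comparison described in the quoted advisory text, as an added example that is not part of the original message or of the advisory: a Python script that hashes downloaded files and checks them against the MD5 values quoted above. The function names and verdict strings are assumptions of this example; a file the quoted list does not cover, such as an ISO image, comes back as `unlisted` rather than `ok`.

```python
import hashlib
import os
import sys

# Checksums copied from the advisory text quoted in this message.
KNOWN_GOOD = {
    "openssh-3.4p1.tar.gz": "459c1d0262e939d6432f193c7a4ba8a8",
    "openssh-3.4p1.tar.gz.sig": "d5a956263287e7fd261528bb1962f24c",
    "openssh-3.4.tgz": "39659226ff5b0d16d0290b21f67c46f2",
    "openssh-3.2.2p1.tar.gz": "9d3e1e31e8d6cdbfa3036cb183aa4a01",
    "openssh-3.2.2p1.tar.gz.sig": "be4f9ed8da1735efd770dc8fa2bb808a",
}
KNOWN_TROJAN = {"3ac9bc346d736b4a51d676faa2a08a57"}


def md5_of(path, chunk=1 << 16):
    """Stream the file so large downloads are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path, good=KNOWN_GOOD, trojan=KNOWN_TROJAN):
    """Return 'trojan', 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    digest = md5_of(path)
    # The known-bad digest is checked first and regardless of file name,
    # so a renamed copy of the reported Trojan tarball is still flagged.
    if digest in trojan:
        return "trojan"
    expected = good.get(os.path.basename(path))
    if expected is None:
        # Not covered by the quoted list: these checksums say nothing about it.
        return "unlisted"
    return "ok" if digest == expected.lower() else "mismatch"


if __name__ == "__main__":
    results = [(p, classify(p)) for p in sys.argv[1:]]
    for p, verdict in results:
        print(f"{verdict:9} {p}")
    # Non-zero exit unless every file matched a published good checksum.
    sys.exit(0 if all(v == "ok" for _, v in results) else 1)
```

The reference values here come from the advisory text, not from a checksum file fetched from the same server as the download.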