[ubuntu-in] Linux Trojan Raises Malware Concerns
Mallikarjun(ಮಲ್ಲಿಕಾರ್ಜುನ್)
mallik.v.arjun at gmail.com
Tue Jun 15 18:40:15 BST 2010
On Tue, Jun 15, 2010 at 9:39 AM, VIGNESH PRABHU <stove311987 at gmail.com> wrote:
>
>
> On Tue, Jun 15, 2010 at 9:28 AM, Narendra Diwate <narendra.diwate at gmail.com>
> wrote:
>>>
>>> Not sure how that will help. If someone has been able to upload or put a
>>> compromised package on a site, he can also put a md5sum for it. When you are
>>> downloading from a untrusted place, everything there can be suspect.
>
> Well Nigel actually was suggesting you to check the md5sum from the real
> source or from the main repository. The idea is that though it is advisable
> to download packages from nearest mirror, it is always good to confirm that
> the package uploaded by the mirror is a genuine package.
>
But not all downloads will have mirrors, only popular ones will have...
(with Mirrors) Also If someone compromised into main server and
changed MD5 Hash then all mirrors will look to be forged...
> --
> Regards,
> Vignesh
> B. Tech in Computer Science
> National Institute Of Technology-Durgapur
>
>
>
>
> --
> ubuntu-in mailing list
> ubuntu-in at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-in
>
>
More information about the ubuntu-in
mailing list