[mythtv-users] pcHDTV.com defaced AGAIN (READ!)
mythtv at ultratux.org
Wed Dec 22 22:28:36 UTC 2004
On Wednesday 22 December 2004 22:46, Dan Littlejohn wrote:
> For an actual attacker (I assume less likely for an automated worm),
> if they are smart enough to get in and change the code, I doubt they
> would messup also changing the MD5 hash. For the really paramoid PGP
> keys are more secure.
I beg to differ (on the first part). IF they go to the trouble of changing the
driver to embed a backdoor or such in it, it seems logical to trivially
compute a new checksum for it too. Otherwise, why change the sources, that
would be noted within hours by some attentive user.
In fact I see very little, if any, sense in the use of md5 checksums.
Remember, both files reside on the same server. When you [can] change one
you can change both. And 'md5sum filename > filename.md5' is about the
simplest command around.
You're right that if it's just a worm it probably won't change any md5sums.
But then again, a worm isn't likely to infect the drivers either. As of yet
anyway, but we all know how smart worms are on that 'other' platform...
> On Wed, 22 Dec 2004 16:07:19 -0500 (EST), Phil Bridges
> <phil at gravityhammer.com> wrote:
> > > For drivers, checksums will be provided in the future. Although
> > > unlikely that the past drivers were infected, just to be safe, there
> > > will be checksums from now on.
> > Do checksums really work if the entire site is accessed? Couldn't
> > hackers just change the shecksums to match the new file?
> > _______________________________________________
> > mythtv-users mailing list
> > mythtv-users at mythtv.org
> > http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
Linux: Because rebooting is for adding hardware.
More information about the mythtv-users