[mythtv-users] pcHDTV.com defaced AGAIN (READ!)

Maarten mythtv at ultratux.org
Wed Dec 22 22:28:36 UTC 2004


On Wednesday 22 December 2004 22:46, Dan Littlejohn wrote:
> For an actual attacker (I assume less likely for an automated worm),
> if they are smart enough to get in and change the code, I doubt they
> would messup also changing the MD5 hash.  For the really paramoid PGP
> keys are more secure.

I beg to differ (on the first part). IF they go to the trouble of changing the 
driver to embed a backdoor or such in it, it seems logical to trivially 
compute a new checksum for it too.  Otherwise, why change the sources, that 
would be noted within hours by some attentive user.

In fact I see very little, if any, sense in the use of md5 checksums.  
Remember, both files reside on the same server.  When you [can] change one 
you can change both. And 'md5sum filename > filename.md5' is about the 
simplest command around.

You're right that if it's just a worm it probably won't change any md5sums. 
But then again, a worm isn't likely to infect the drivers either.  As of yet 
anyway, but we all know how smart worms are on that 'other' platform...

Maarten

>
> On Wed, 22 Dec 2004 16:07:19 -0500 (EST), Phil Bridges
>
> <phil at gravityhammer.com> wrote:
> > > For drivers, checksums will be provided in the future.  Although
> > > unlikely that the past drivers were infected, just to be safe, there
> > > will be checksums from now on.
> >
> > Do checksums really work if the entire site is accessed?  Couldn't
> > hackers just change the shecksums to match the new file?
> > _______________________________________________
> > mythtv-users mailing list
> > mythtv-users at mythtv.org
> > http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

-- 
Linux: Because rebooting is for adding hardware.



More information about the mythtv-users mailing list