Bugtraq mailing list archives

Re: trojans on ftp sites

From: smb () research att com (smb () research att com)
Date: Sat, 14 May 94 23:46:53 EDT


Neither sum nor crc-32 are worth the bits they're stored in, for
this purpose; both are easy to spoof.  If you're going to do it,
do it right:  md5.

Not that I'm convinced it's a good idea.  If an ftp site is compromised,
its ls-lR file and/or its ls command are likely to be dead meat
(dead silicon?) as well.  There's also the problem of different
versions, .Z vs .gz, etc.

Current thread:

Re: trojans on ftp sites der Mouse (May 14)
- Re: trojans on ftp sites Peter Deutsch (May 14)
- <Possible follow-ups>
- Re: trojans on ftp sites Paul Robinson (May 14)
  - Re: your mail Christopher Klaus (May 14)
- Re: trojans on ftp sites smb () research att com (May 14)
  - Re: your mail John Macdonald (May 16)
    - Re: your mail Steven C. Blair (May 16)
    - Re: your mail John Macdonald (May 16)
    - Re: your mail Christopher Klaus (May 16)
    - Re: your mail Adam Shostack (May 16)
    - Checksums in FTP servers. Scott Northrop (May 16)
- Re: trojans on ftp sites Gene Spafford (May 15)
- Re: trojans on ftp sites Ariel Faigon (May 17)