Vulnerability Development mailing list archives

Re: Re: ssh trojaned

From: Jonas Anden <dajudge () home se>
Date: 05 Aug 2002 19:27:09 +0200

or perhaps, if I am mirror A have a watchdog script compare my md5 sum to
every other md5 sum accross the mirrors, and take some action should the
ratio of unmatching MD5's falls below a certain percentage...


Should the published MD5 sum of a file I have mirrored be different on
*ANY* of the other mirrors (or the primary site) be different from the
calculated MD5 sum of my file, all sorts of bells and whistles should go
off. Something is wrong; either my copy or their copy is bad. Either
way, something needs to be done about it.

Such a scheme would have
a) stopped the mirroring of the trojaned ssh package.
b) detected the trojaned ssh package much faster.

  // J

Current thread:

Re: Re: ssh trojaned, (continued)
- Re: Re: ssh trojaned wozz (Aug 02)
  - RE: Re: ssh trojaned Joe Harrison (Aug 03)
  - Re: Re: ssh trojaned Nick Lange (Aug 05)
    - Re: ssh trojaned loki_ (Aug 05)
    - Re: ssh trojaned Nick Lange (Aug 05)
    - Re: ssh trojaned Joakim Andersson (Aug 05)
    - Re: ssh trojaned Clemens 'Gullevek' Schwaighofer (Aug 06)
    - Re: ssh trojaned Andreas Krennmair (Aug 06)
    - Re: ssh trojaned Alex Lambert (Aug 06)
    - Message not available
    - Re: ssh trojaned Clemens 'Gullevek' Schwaighofer (Aug 07)
    - Re: Re: ssh trojaned Jonas Anden (Aug 05)
    - Re: Re: ssh trojaned Tan Wee Yeh (Aug 05)
    - Re: Re: ssh trojaned Thomas Cannon (Aug 05)
- Re: ssh trojaned Grudge Mason (Aug 02)
- RE: Re: ssh trojaned kevin () ktstone com (Aug 03)