bind8, libpcap, tcpdump

R Anderson listbox at pole-position.org
Thu Nov 14 13:18:22 PST 2002


Dan Osterrath wrote:

> And in libpcap and tcpdump might be a trojan horse when downloaded 
> from http://tcpdump.org
> http://www.heise.de/newsticker/data/pab-13.11.02-002/
> http://www.cert.org/advisories/CA-2002-30.html


Uh, once again a coincidence I didn't get hurt. Security by coincidence 
is much worse than security by obscurity :-)

It seems one really should be more paranoid when downloading sources. 
MD5's published on the same server is of little use, but I think I'll 
finally start checking PGP signatures now, when available.  Why blindly 
trust ftp.kernel.org, for a starter?

[re-reading the last sentence... shivering...]

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list