[H-GEN] redhat up2date

Johann johann at spot-the-dog.com
Fri Apr 4 18:09:32 EST 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]



Jason Parker-Burlingham wrote:

>Johann <johann at spot-the-dog.com> writes:
>
>[Red Hat 9 being available early]
>
>Uh, did you check the md5sums or signatures of the ISOs you
>downloaded before you installed them?

I copied the md5sums from the telstra site, but if this was a trojaned 
version, I figured I'd only have the trojaned md5sums. Although the 
md5sums of the files I downloaded did agree with the ones that were 
posted on the bigpond site.

>If I'd found a copy of Red Hat 9 almost a week earlier than it was
>supposed to be available I would be checking very hard to make sure it
>wasn't trojaned.

Either good or bad, that thought did not occur to me, rather that 
telstra had either made a big boo boo, or that they somehow had a deal 
with redhat in that they are able to offer the redhat 9 isos to their 
subscribers (this is highly unlikely).

>I don't mean to sound like I'm having a go at Red Hat---quite the
>contrary.  However I would be very concerned.

Given that other well known projects have been trojaned (although I can't 
remember them off the top of my head), and that redhat did only offer 
the iso to paid redhat subscribers, I think I should have been more 
concerned. In hindsight I was like a kid in a candy store, only thinking 
about what I was going to get and nothing else. I guess this begs a 
legal question, have I violated any legal software contracts? (I knew 
the isos were only available to paid subscribers in the first week), but 
then again, the isos were made available to me through a legal channel. 
Methinks I will be doing a quick security audit of the installs, 
however I am more willing to believe (at this stage anyway) that someone 
stuffed up at telstra than the redhat 9 isos were trojaned and then 
made available on the telstra site.

So any ideas how I can check the hundreds of programs that I have 
installed? I guess the easy thing to do is wait until Monday and 
re-check the md5sums, but I think I could learn a bit from trying to 
find a potential trojan.

cheers

Johann


-- 
Johann Kwiatkowski
Spot The Dog Graphics
ph: (07) 33233677
fax: (07) 33233677
mobile: 0418 797 419
web: www.spot-the-dog.com




--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
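
The point raised in the message above, that checksums copied from the same site as the ISOs only prove the transfer was intact, shown as an added example (not part of the original post). It assumes a second md5sum list obtained over a separate channel you have reason to trust; the file names and contents are constructed stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_md5sums(text):
    """Parse md5sum(1)-style lines: '<32 hex digits>  <name>' ('*' marks binary mode)."""
    sums = {}
    for line in filter(str.strip, text.splitlines()):
        digest, _, name = line.strip().partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 32 or not name:
            raise ValueError(f"malformed checksum line: {line!r}")
        bytes.fromhex(digest)  # ValueError if the digest is not hexadecimal
        sums[Path(name).name] = digest.lower()  # basename only: stay inside the directory
    return sums

def md5_of(path):
    h = hashlib.md5()  # MD5 because that is what the mirror published
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def check_download(directory, mirror_list, independent_list):
    """Classify every file named in the mirror's checksum list."""
    independent = parse_md5sums(independent_list)
    report = {}
    for name, mirror_sum in parse_md5sums(mirror_list).items():
        path = Path(directory) / name
        if not path.is_file():
            report[name] = "missing"
        elif (actual := md5_of(path)) != mirror_sum:
            report[name] = "damaged in transfer"
        elif name not in independent:
            report[name] = "unverified: agrees only with the mirror's own list"
        elif independent[name] != actual:
            report[name] = "MISMATCH with independent list"
        else:
            report[name] = "matches independent list"
    return report

def demo():
    # Constructed sample: disc2 was swapped on the mirror and its list regenerated to match.
    md5 = lambda b: hashlib.md5(b).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        Path(d, "disc1.iso").write_bytes(b"original disc 1")
        Path(d, "disc2.iso").write_bytes(b"tampered disc 2")
        mirror = f"{md5(b'original disc 1')}  disc1.iso\n{md5(b'tampered disc 2')}  disc2.iso\n"
        vendor = f"{md5(b'original disc 1')}  disc1.iso\n{md5(b'original disc 2')}  disc2.iso\n"
        return check_download(d, mirror, vendor)
```

Calling `demo()` reports disc1 as matching and disc2 as a mismatch, even though both files agree with the mirror's own list. The comparison is only as good as the second list; a signature check on that list is what establishes where it came from.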


