Dailydave mailing list archives

Modified Src


From: ned <nd () felinemenace org>
Date: Tue, 9 Dec 2003 04:37:20 -0800 (PST)

hi,
i am glad dave has stopped (?) talking about HashDB and the benefits of 
checking hashes on software to make sure it is not modified. when you look 
at the situation of 'back-doored' software you must realise that the 
person who backdoors the software usually has access to the pages that 
supply the 'correct' hash. i believe what we need is 20,000 mirrors of a 
single hash so it's impossible for the modifier to change it on a single 
location. he has to use his p0day on all 20,000 machines.

because i like to remember the time when dailydave was actually just for 
dave (ml's, who needs 'em?!) i found this.

http://www.immunitysec.com/dailydave/9.10.2002.html

and if anyone thinks that just because their software has been owned 
doesn't mean that the attacker does not have the brains to run md5sum then 
it's the most pure of ignorance.

oh, and seeing that the current state of a server's security is constantly 
changing then a single database will not suffice either.

safety in numbers, right?
- nd

-- 
http://felinemenace.org/~nd
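
The mirrored-hash idea in the message above, as an added example that is not part of the original post: a download is accepted only when a quorum of independently hosted copies of the hash agree with it. The mirror names, the 0.9 quorum, the sample bytes and the use of SHA-256 in place of md5sum are all assumptions made for illustration.

```python
import hashlib
from typing import Dict, List, Optional, Tuple


def digest(data: bytes) -> str:
    """SHA-256 hex digest (used here instead of the md5sum named in the post)."""
    return hashlib.sha256(data).hexdigest()


def verify_against_mirrors(
    artifact: bytes, published: Dict[str, Optional[str]], quorum: float = 0.9
) -> Tuple[bool, List[str], List[str]]:
    """Compare an artifact's digest with digests published by independent mirrors.

    published maps mirror name -> hex digest, or None if the mirror was
    unreachable. Unreachable mirrors count against the quorum, so taking
    mirrors offline cannot turn a minority into a majority.
    Returns (ok, agreeing_mirrors, dissenting_mirrors).
    """
    if not published:
        raise ValueError("no mirrors configured")
    local = digest(artifact)
    agreeing = sorted(m for m, h in published.items() if h and h.lower() == local)
    dissenting = sorted(m for m in published if m not in agreeing)
    return len(agreeing) / len(published) >= quorum, agreeing, dissenting


# Constructed sample data: a release and a modified copy of it.
GENUINE = b"release-1.0 source tarball bytes"
BACKDOORED = GENUINE + b" + extra code"

# Constructed mirror set (hypothetical names). Only the download site,
# mirror-00, has had its published hash replaced to match the modified copy.
MIRRORS = {f"mirror-{i:02d}": digest(GENUINE) for i in range(20)}
MIRRORS["mirror-00"] = digest(BACKDOORED)


def demo() -> Dict[str, Tuple[bool, List[str], List[str]]]:
    return {
        "genuine": verify_against_mirrors(GENUINE, MIRRORS),
        "backdoored": verify_against_mirrors(BACKDOORED, MIRRORS),
        # Single-source check: only the modified site's own hash is consulted.
        "backdoored_single_site": verify_against_mirrors(
            BACKDOORED, {"mirror-00": MIRRORS["mirror-00"]}),
    }


if __name__ == "__main__":
    for name, (ok, agree, dissent) in demo().items():
        print(f"{name}: ok={ok} agree={len(agree)} dissent={len(dissent)}")
```

The dissenting list is worth logging even when the check passes: a lone mirror that disagrees with the rest is itself a signal that one location has been changed.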
