Nmap Development mailing list archives
Re: ZenMap executables not digitally signed
From: Fyodor <fyodor () insecure org>
Date: Tue, 8 Mar 2011 02:21:52 -0800
On Tue, Mar 08, 2011 at 09:25:15AM +0200, Costas Alexiou wrote:
My concern is that while i am using Zenmap latest Windows edition and try to verify the nmap executable the procexp (Sysinternals Tool) is showing me that cannot be verified. So i am wondering if the nmap executables are digitally signed or not. Because if they are may i am using a an executable that is infected and that drives me mad.
Hi Costas. We don't use this because it is Windows only. Also, I'm not sure how secure it is against the threat of rogue DLLs injecting malware when they are used by the signed executable. Rather, we use this cross-platform technique to sign our downloads: http://nmap.org/book/install.html#inst-integrity If you saved your Nmap installer, you can still check that it is authentic. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ZenMap executables not digitally signed Costas Alexiou (Mar 08)
- Re: ZenMap executables not digitally signed Fyodor (Mar 08)