Nmap Development mailing list archives

Re: ZenMap executables not digitally signed


From: Fyodor <fyodor () insecure org>
Date: Tue, 8 Mar 2011 02:21:52 -0800

On Tue, Mar 08, 2011 at 09:25:15AM +0200, Costas Alexiou wrote:
My concern is that while I am using Zenmap latest Windows edition and
try to verify the nmap executable, the procexp (Sysinternals Tool) is
showing me that it cannot be verified.

So I am wondering if the nmap executables are digitally signed or not.
Because if they are, maybe I am using an executable that is infected,
and that drives me mad.

Hi Costas.  We don't use this because it is Windows only.  Also, I'm
not sure how secure it is against the threat of rogue DLLs injecting
malware when they are used by the signed executable.  Rather, we use
this cross-platform technique to sign our downloads:

http://nmap.org/book/install.html#inst-integrity

If you saved your Nmap installer, you can still check that it is
authentic.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

