, SecurityFocus 2002-06-03
The popular open-source security tool Fragroute is bugged in plain sight by unknown hackers, who may have struck before.
Expand all |
Post comment
Download Sites Hacked, Source Code Backdoored
2002-06-04
Coldman (6 replies)
Coldman (6 replies)
Download Sites Hacked, Source Code Backdoored
2002-06-04
doxavg (1 replies)
doxavg (1 replies)
Download Sites Hacked, Source Code Backdoored
2002-06-04
cras (1 replies)
cras (1 replies)
Download Sites Hacked, Source Code Backdoored
2002-06-05
Anonymous (1 replies)
Anonymous (1 replies)
Download Sites Hacked, Source Code Backdoored
2002-06-07
Chris Berry <compjma (at) hotmail (dot) com [email concealed]> (1 replies)
Chris Berry <compjma (at) hotmail (dot) com [email concealed]> (1 replies)
Sorry, but putting the private key on a 'ro' (read-only, i.e. write-protected) disk just won't let you modify it... you'll still be able to use it to sign files... The only way to circumvent a user signing a file using a private key is to use this method in conjuction with CRC/MD5 checking from a non-networked box. Perhaps a box which automatically (via cron) dials up to the server every day and compares its file with the server file then disconnects... and you could use a random time so that the attacker will have to listen all day if he wants to try and root the safebox.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/462/12972#12972