[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RE: 'On my Soap Box'

Subject: Re: [cobalt-security] RE: 'On my Soap Box'
From: "Marc Gear" <marcg@xxxxxxxxxxxxxx>
Date: Wed, 14 Mar 2001 12:17:05 -0800
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> I'd just like to point out that if the cobalt distribution server
> was comprimised and the pkg files were tampered with, its a fair
> assumption that the webpage would be altered to reflect the new
> altered MD5 sums.

depends on whether ftp.cobalt.com is the same box as emea, asiapc, www, and
japan.cobalt.com (where the md5sums will be displayed)
I would kinda hope it wasnt, but they are on the same subnet, so it suggests
they probably are all just virtual sites on the same cobalt.

it is pretty common practice to include these things on download sites
though.
--
/\/\ a R (

References:
- Re: [cobalt-security] RE: 'On my Soap Box'
  - From: Mark Anderson

Prev by Date: Re: [cobalt-security] SIGUSR1
Next by Date: Re: [cobalt-security] [RaQ3] Hacked ... a summary
Previous by thread: Re: [cobalt-security] RE: 'On my Soap Box'
Next by thread: [cobalt-security] phpmyadmin protected by >htaccess

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index