On Tue, Aug 24, 2004 at 09:11:34PM -0400, Michael Stone wrote:
> On Wed, Aug 25, 2004 at 12:39:57AM +0200, Rolf Kutz wrote:
> >This depends on how the attack really works. If
> >you just need to flip a few bits in a document it
> >might just look like typos (think crc32). If your
> >document is a tarball or a .deb you might be able
> >to insert a lot of "garbage" to it without being
> >noticed.
>
> Right, but is someone inserting garbage into a .deb really a threat? I'd
> be more concerned about the insertion of malicious code...

I imagine that the garbage would be to bring the md5sum back to the
original to hide the trojan, rather than "hey, look, I can stick garbage on
the end of the .deb and still keep the same md5sum! whee!".

- Matt