Re: I'm afraid I've been cracked.

To: Steve Juranich <sjuranic@kant.ee.washington.edu>
Cc: Debian Users List <debian-user@lists.debian.org>, Alvin Oga <aoga@Mail.Linux-Consulting.com>
Subject: Re: I'm afraid I've been cracked.
From: Ethan Benson <erbenson@alaska.net>
Date: Thu, 28 Sep 2000 03:43:02 -0800
Message-id: <[🔎] 20000928034301.E1928@plato.local.lan>
In-reply-to: <[🔎] Pine.SOL.3.96.1000927193921.12770C-100000@condor.ee.washington.edu>; from sjuranic@kant.ee.washington.edu on Wed, Sep 27, 2000 at 07:49:00PM -0700
References: <[🔎] Pine.LNX.3.96.1000927162447.23249A-100000@Maggie.Linux-Consulting.com> <[🔎] Pine.SOL.3.96.1000927193921.12770C-100000@condor.ee.washington.edu>

On Wed, Sep 27, 2000 at 07:49:00PM -0700, Steve Juranich wrote:
> 
> Please remember that you're speaking to a recent convert from Mandrake.
> There, all I would have to do would be 'rpm -V `which top`' and rpm would
> tell me if the md5sum had been changed from the original package.  Does dpkg

what is stopping the attacker from installing a replacment top package
with the same name and version?  or replacing /bin/rpm?  then you
would be none the wiser.

> have a similar funcitonality? I couldn't find mention of it in the man page.

debsums but like rpm -V its worthless for security.  only useful for
finding corruption due to disk crashes and whatnot.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpMUWPBiQhJ0.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: I'm afraid I've been cracked.
  - From: James Antill <james@and.org>

References:
- Re: I'm afraid I've been cracked.
  - From: Alvin Oga <aoga@Mail.Linux-Consulting.com>
- Re: I'm afraid I've been cracked.
  - From: Steve Juranich <sjuranic@kant.ee.washington.edu>

Prev by Date: mount problems NEED URGENT HELP
Next by Date: Re: sawfish beeping on resize
Previous by thread: Re: I'm afraid I've been cracked.
Next by thread: Re: I'm afraid I've been cracked.
Index(es):
- Date
- Thread