* Quoting Matthew Palmer ([EMAIL PROTECTED]): > On Tue, Aug 24, 2004 at 09:11:34PM -0400, Michael Stone wrote: > > On Wed, Aug 25, 2004 at 12:39:57AM +0200, Rolf Kutz wrote: > > >This depends on how the attack really works. If > > >you just need to flip a few bits in a document it > > >might just look like typos (think crc32). If your > > >document is a tarball or a .deb you might be able > > >to insert a lot of "garbage" to it without being > > >noticed. > > > > Right, but is someone inserting garbage into a .deb really a threat? I'd > > be more concerned about the insertion of malicious code... > > I imagine that the garbage would be to bring the md5sum back to the original > to hide the trojan, rather than "hey, look, I can stick garbage on the end > of the .deb and still keep the same md5sum! whee!".
Right! - Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]