Lisi Reisz wrote:
On Saturday 02 August 2008 17:49:40 David B Teague wrote:
This is a very brief summary from this web site
http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta
.php
The article says the EvilGrade Exploit tool kit is able to attack
systems using the "man in the middle", attacking through the
installation mechanism.
It actually says "updates" not installation (my stars):
<quote>
infecting systems through the **update** mechanism, according to a ZDNet
blog. The attackers claim, in the Readme for the kit, to have modules
implemented to attack the following product **updates**
</quote>
The attacker specifically mentions OO.o in the
kit "ReadMe".
No, it says:"OpenOffices"
This is not the correct name of this program (or site) and OOo does not have
updates as such.
I doubt they have achieved what they claim, tho' that doesn't mean that we can
all be complacent.
OK, they committed a spelling error, but if they HAVE compromised
OpenOffice.org as I think they are suggesting, the spelling error in
their "ReadMe" will not make any difference at all. We will have given
them access to our systems through the installer.
I do not pretend to understand all this, but I do understand the idea of
threat. At present, to update OO.o, I download a Windows installation
file, and run it. I don't see any mechanism for signature or do I see
easy access to checksums.
I assure you in the future, I will be looking for checksums. I would
prefer have digital signatures for installation files. If checksums will
assure me no one has fiddled with the installer, I'll gladly go through
the process of confirming check sums.
Now, would someone answer my questions?
Is Lisi is right, there is no danger because of the difference between
"updates" and "installers"?
Is there any intent to introduce digital signatures?
Do checksums do the same thing as digital signatures?
David Teague
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
