Miscellaneous > The Lounge

Lazy looks at unixsucks.com

<< < (2/2)

voidmain:
Sigh, regarding that SSH trojan. It was something that was caught just a few days after the trojan was placed there. And it was only in the source distribution and it actually did not effect SSH itself but created a trojan when you compiled it. This *never* made it into any distribution.

It would have only effected someone who happened to download the latest bleading edge source package from a mirror during that few day period and built it. If they passed the SSH binaries along to someone else it would not pass the trojan along.

There are also MD5 checksums which work similar to digital signing that nobody seemed to check when they downloaded the source which would have caught the issue in it's tracks.

It was embarrassing but no more embarrassing than Microsoft  shipping CDs with viruses on them (which has happened more than once).

lazygamer:
Thanks for the help, sounds like Unixsucks.com really sucks!

Navigation

[0] Message Index

[*] Previous page