A few things, mostly technical notes...

Wednesday, March 09, 2005

Can you trust download.com?

While reading about the security fix for PuTTY dated Feb 20, 2005, I stumbled upon this on their download page:

2004-12-23 Trojan PuTTY installer circulating

We've been alerted to a trojan PuTTY 0.56 installer that was posted on CNET's download.com for about a fortnight (now removed). We are informed it installed various spyware.

The file length was 509860 bytes (much shorter than any installer we've ever released) and the md5sum was 49550e478e9dd008998c2c5294a884c5.

We'd like to take this opportunity to encourage everyone to verify the signatures of PuTTY downloads before executing them. Details are on our Keys page.

Another solid proof that you cannot trust download.com and similar sites. Not that they wrote the program; they are just storing it to be downloaded, but still spyware gets inside their copy. Whew...!!
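
As an added example (not code from the PuTTY team or from this post), the Python script below sweeps a folder of downloads for any file matching the length and MD5 quoted in the notice. The function names and the directory argument are assumptions made for the illustration.

```python
import hashlib
import os

# Indicators quoted in the PuTTY notice above.
TROJAN_SIZE = 509860
TROJAN_MD5 = "49550e478e9dd008998c2c5294a884c5"

def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so large installers are not loaded whole."""
    h = hashlib.md5()  # MD5 only because the notice publishes an MD5 value
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def matches_trojan(path, size=TROJAN_SIZE, md5=TROJAN_MD5):
    """True if the file has the published length and MD5 (cheap size check first)."""
    try:
        if os.path.getsize(path) != size:
            return False
        return md5_of(path) == md5.lower()
    except OSError:
        # Unreadable or vanished file: report no match rather than abort the sweep.
        return False

def sweep(root, size=TROJAN_SIZE, md5=TROJAN_MD5):
    """Walk root (hypothetical download folder) and return paths that match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                if matches_trojan(p, size, md5):
                    hits.append(p)
    return sorted(hits)

if __name__ == "__main__":
    import sys
    for hit in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("MATCH:", hit)
```

A miss only rules out this one known-bad file; it does not show that an installer is genuine, which is what the signature check recommended in the notice is for.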



This work is licensed under a Creative Commons License.