lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <48188F01.2000402@secnap.net>
Date: Wed, 30 Apr 2008 11:23:45 -0400
From: Michael Scheidell <scheidell@...nap.net>
To: bugtraq@...urityfocus.com
Subject: heanet.dl.sourceforge.net hacked?


or have wrong file?

in attempting to upgrade png (due to security problem), we tried to pull 
from sourceforge mirrors.
(note below, libpng says file size for libpng-1.2.27.tar.bz2 with 
scripts should be 641193)  heanet has a bigger file.
other sourceforge.net mirrors have it right.

Was heanet.dl hacked?  are some people downloading a trojanized version 
of png?
all attempts (in the past) to contact sourceforge had been useless.

http://www.libpng.org/pub/png/libpng.html


Attempting to fetch from 
http://heanet.dl.sourceforge.net/sourceforge/libpng/.
fetch: 
http://heanet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.27.tar.bz2: 
size mismatch: expected 641193, actual 804821

-- 
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
 > *| *SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
www.technosium.com/hotcompanies/ <http://www.technosium.com/hotcompanies/>

_____________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com. 
_____________________________________________________________________________

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ