lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <6.0.0.22.0.20030925145718.03527e98@209.112.4.2>
From: mike at sentex.net (Mike Tancsa)
Subject: DANGER: potentially broken f-prot updates

I have already contacted the vendor, but be careful about your f-prot 
updates today. It looks like they put an old def file from May 26th on 
their ftp site. The UNIX update script will happily fetch and install this.

avscan2# nslookup -type=ns f-prot.com
Server:  resolver1.sentex.ca
Address:  64.7.128.99

Non-authoritative answer:
f-prot.com      nameserver = ns1.linanet.is
f-prot.com      nameserver = skjalda.frisk-software.com
f-prot.com      nameserver = bukolla.frisk-software.com
f-prot.com      nameserver = baula.frisk-software.com

Authoritative answers can be found from:
ns1.linanet.is  internet address = 62.145.128.2
skjalda.frisk-software.com      internet address = 213.220.100.2
bukolla.frisk-software.com      internet address = 213.220.100.1
baula.frisk-software.com        internet address = 213.220.100.3
avscan2#
avscan2# host ftp.f-prot.com 213.220.100.2
Using domain server 213.220.100.2:

ftp.f-prot.com has address 204.118.23.102
ftp.f-prot.com has address 204.118.23.103
ftp.f-prot.com has address 204.118.23.101
avscan2# fetch ftp://204.118.23.102/pub/fp-def.zip
Receiving fp-def.zip (1180204 bytes): 100%
1180204 bytes transferred in 1.2 seconds (997.57 kBps)
avscan2# unzip -v fp-def.zip
Archive:  fp-def.zip
  Length   Method    Size  Ratio   Date   Time   CRC-32    Name
--------  ------  ------- -----   ----   ----   ------    ----
      295  Defl:N      272   8%  09-25-03 16:57  e98c5705  SIGN.ASC
  1054178  Defl:N   675410  36%  05-26-03 16:01  415522b4  SIGN.DEF
      295  Defl:N      272   8%  09-25-03 16:57  c21dad71  SIGN2.ASC
   733487  Defl:N   503856  31%  05-26-03 13:20  9664dc36  SIGN2.DEF
--------          -------  ---                            -------
  1788255          1179810  34%                            4 files
avscan2# md5 fp-def.zip
MD5 (fp-def.zip) = ffbe865dbfbf6721f59abdad3309c8ad
avscan2#

It really is from the 26th.. no mimail, no swen, noteven sobig.f :-(

	---Mike


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ