[p2p-hackers] SHA1 broken?
Nick Lothian
nlothian at educationau.edu.au
Thu Feb 17 22:31:16 UTC 2005
>
> On Thursday, February 17, 2005 Nick Lothian wrote:
> > It's not hard to imagine spyware manufactures modifying common
> > opensource applications (eg: p2p software) so they include
> spyware and
> > yet still have the same hash.
>
> Sure, but then they would have to find some innocently
> looking way to include something like this into the open source app:
>
No - they just release the built .exe without the source (or even better
- hack the original download site and replace the original version with
their malicious version. If the hashes of the apps matched this could be
pretty hard to detect).
Nick
IMPORTANT: This e-mail, including any attachments, may contain private or confidential information. If you think you may not be the intended recipient, or if you have received this e-mail in error, please contact the sender immediately and delete all copies of this e-mail. If you are not the intended recipient, you must not reproduce any part of this e-mail or disclose its contents to any other party.
This email represents the views of the individual sender, which does not necessarily reflect those of education.au limited except where the sender expressly states otherwise.
It is your responsibility to scan this email and any files transmitted with it for viruses or any other defects.
education.au limited will not be liable for any loss, damage or consequence caused directly or indirectly by this e-mail.
More information about the P2p-hackers
mailing list