On Thu, 23 Jun 2005 [EMAIL PROTECTED] wrote:
Damian wrote:
So, if you didn't do it, and none of the other team-members did it,
then who did? This raises an interesting issue: if an attacker
figures out how to poison the DNS server, nobody would get updates.
Worse, an attacker could point the records to a server under their own
control, with malicious virus definitions. I'll let everyone imagine
the worst-case consequences of that.
You almost made me cry.
Then I remembered the CVD files are signed using RSA. So there isn't a
serious concern, unless someone figures out how to factor a really big
number (or one of the signature maintainers goes crazy).
Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
