From: Jerome Shidel <jer...@shidel.net>
--===============7100588076500674313==
Content-Type: multipart/alternative;
boundary="Apple-Mail=_C7C56578-944A-4209-8A1B-F1845F831DBE"
--Apple-Mail=_C7C56578-944A-4209-8A1B-F1845F831DBE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
> On Jan 14, 2017, at 2:21 PM, shaclacroi <shaclac...@fastservice.com> wrote:
>
> The download page links to checksums at
http://www.freedos.org/download/verify.txt -- but since this page isn't
available over https, there's no way to confirm the validity of the checksums,
since the page could be intercepted and modified by a man-in-the-middle
attacker (https://en.wikipedia.org/wiki/Man-in-the-middle_attack).
>
> As free secure https certficates are now offered by Let's Encrypt
(https://letsencrypt.org/), it may be advisable to get https set up for
www.freedos.org.
>
> Alternatively, as I see your hosted on Amazon Web Services, if you're using
Elastic Load Balancing or Amazon CloudFront, Amazon's Certificate Manager also
offers free https certificates.
>
> Let me know if I can be of any help.
If you are still concerned that your download might have been compromised by a
MIM, you can get copies of the MD5 & SHA256 hash values or even the download
the entire release media from my server https://fd.lod.bz <https://fd.lod.bz/>
.. At present, it contains a mirror of the FreeDOS releases and a FreeDOS
compatible software repository. The repo contains all the packages that shipped
with FreeDOS 1.0 through 1.2, the official repository and a couple other free
software packages that are not in the official repo.
Jerome
--Apple-Mail=_C7C56578-944A-4209-8A1B-F1845F831DBE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv="Content-Type" content="text/html
charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode:
space; -webkit-line-break: after-white-space;" class=""><br
class=""><div><blockquote type="cite" class=""><div class="">On Jan 14, 2017,
at 2:21 PM, shaclacroi <<a href="mailto:shaclac...@fastservice.com";
class="">shaclac...@fastservice.com</a>> wrote:</div><br
class="Apple-interchange-newline"><div class=""><div class=""><div
style="font-family: Verdana;font-size: 12.0px;" class=""><div class="">The
download page links to checksums at <a
href="http://www.freedos.org/download/verify.txt";
class="">http://www.freedos.org/download/verify.txt</a> -- but since this page
isn't available over https, there's no way to confirm the validity of the
checksums, since the page could be intercepted and modified by a
man-in-the-middle attacker (<a
href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack";
class="">https://en.wikipedia.org/wiki/Man-in-the-middle_attack</a>).</div>
<div class=""> </div>
<div class="">As free secure https certficates are now offered by Let's Encrypt
(<a href="https://letsencrypt.org/"; class="">https://letsencrypt.org/</a>), it
may be advisable to get https set up for <a href="http://www.freedos.org";
class="">www.freedos.org</a>.</div>
<div class=""> </div>
<div class="">Alternatively, as I see your hosted on Amazon Web Services, if
you're using Elastic Load Balancing or Amazon CloudFront, Amazon's Certificate
Manager also offers free https certificates.</div>
<div class=""> </div>
<div class="">Let me know if I can be of any
help.</div></div></div></div></blockquote><br class=""></div><div>If you are
still concerned that your download might have been compromised by a MIM, you
can get copies of the MD5 & SHA256 hash values or even the download the
entire release media from my server <a href="https://fd.lod.bz";
class="">https://fd.lod.bz</a> . At present, it contains a mirror of the
FreeDOS releases and a FreeDOS compatible software repository. The repo
contains all the packages that shipped with FreeDOS 1.0 through 1.2, the
official repository and a couple other free software packages that are not in
the official repo. </div><div><br class=""></div><div>Jerome</div><br
class=""></body></html>
--Apple-Mail=_C7C56578-944A-4209-8A1B-F1845F831DBE--
--===============7100588076500674313==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
--===============7100588076500674313==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user
--===============7100588076500674313==--
--- Internet Rex 2.29
* Origin: capcity2.synchro.net - 502/875-8938 (276:10/901)
--- Synchronet 3.15a-Linux ListGate 1.3
* Capitol City Online - Frankfort, KY - telnet://capitolcityonline.net
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user
