Re: Checksums Done Right

2007-07-01 Thread scott
> Yes, if you're already running in a virtualised environment then > providing a mechanism for checking the system makes sense. I'm just not > sure it's a compelling reason to move from a non-virtualised system to a > virtualised system. Indeed. I don't expect an integrity scanner like CDR to be *

Re: Checksums Done Right

2007-07-01 Thread Matthew Garrett
On Sun, Jul 01, 2007 at 02:59:03PM -0700, [EMAIL PROTECTED] wrote: > > With modern hardware the sensible thing to do is just to boot from CD. > > With modern hardware shutting a dom0 down might mean taking out 10+ > active, virtualized servers (in a HA environment it means live migrating > those

Re: Checksums Done Right

2007-07-01 Thread scott
> needs replacing immediately. So if not immediately, is there a timeline for replacing md5 in the deb package format? I'm not familiar with how these edge cases work so maybe that's a question for the dpkg maintainers. Regardless, I imagine the best way to replace md5 would be to offer both md5 a

Re: Checksums Done Right

2007-06-30 Thread Matthew Garrett
On Sat, Jun 30, 2007 at 04:21:11PM -0700, [EMAIL PROTECTED] wrote: > Escalation of privileges is one attack, yes. Although the type of "attack" > I'm talking about is for users that already have the ability to write a > root-owned binary. I'm describing more of a DoS attack that basically just > k

Re: Checksums Done Right

2007-06-30 Thread scott
> Right, but being able to create a collision isn't the same as being able > to create a *useful* collision. You need to be able to alter the > functionality of the program in a very specific way in order to use it > to escalate privileges. Escalation of privileges is one attack, yes. Although the

Re: Checksums Done Right

2007-06-30 Thread Matthew Garrett
On Sat, Jun 30, 2007 at 09:14:17AM -0700, [EMAIL PROTECTED] wrote: > Ahh, you are correct. I was thinking of kernel-based rootkits being > common. I have no evidence that states collision attacks are currently > common. To clarify, it's trivially easy, using freely available source > code[1] (31 s

Re: Checksums Done Right

2007-06-30 Thread scott
>> This is great until md5 collision attacks[1] and >> kernel-based rootkits are used on your system (common these days). > > Do you have any references to the use of md5 collision attacks being > common? Ahh, you are correct. I was thinking of kernel-based rootkits being common. I have no evidenc

Re: Checksums Done Right

2007-06-29 Thread Matthew Garrett
> We have been working on a to-be-open-sourced product we are calling > Checksums Done Right (CDR). A colleague gave a talk last week that > included some notes about CDR[2]. Basically we've processed the md5sums > files in dapper, edgy, and feisty and dumped it into a databa

Checksums Done Right

2007-06-29 Thread Scott Beardsley
known good system, uses a local cache, and has no integration into the mirror or packaging system. We have been working on a to-be-open-sourced product we are calling Checksums Done Right (CDR). A colleague gave a talk last week that included some notes about CDR[2]. Basically we've processe