GSR-IconBannerAd_v1d

Security Advisories

Trustwave Press Releases

« (Updated) Advanced Topic of the Week: Handling Authorized Scanning Traffic | Main | Announcing Release of OWASP ModSecurity Core Rule Set v2.1.0 »

28 December 2010

Comments

This writeup does little more than convince readers that because the tarballs' checksums were not changed recently, then it must go to follow by implication that there is no backdoor in the ettercap project.

In fact, this is quite contrary to the situation at hand -- If the source of ettercap in earlier revisions (say, 5+ years ago as the zine claims) contained a backdoor or vulnerability which was never discovered nor disclosed, it is likely to still reside within the project. Further, checking to ensure that the SHA1 sums of these tarballs are the same now as they were then (when??) only proves that the contents of said tarballs has not changed since ALoR's last pull from the project's repository.

It seems that this article is very misleading and in this industry, a false sense of security is much worse than FUD.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment