[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
-----BEGIN PGP SIGNED MESSAGE-----
In list.cypherpunks, [email protected] writes:
<paranoia>
> This isn't just an issue of making sure your copy wasn't munged in transit;
> without checksums, what's stopping netscape from embedding the info you
> provide in the binary before shipping it to you, so that if it shows
> up on hacktic, they know who did it?
</paranoia>
<img src="SarcasticGrin.jpg">
I trust Netscape, but I also cut the cards...
[18:02] 1 [d:\tmp]:sendai# md5sum -b ns_inst.exe
0f4de3e744ec4e356ba9f8feb3ded7ec *ns_inst.exe
[18:03] 1 [d:\tmp]:sendai# dir ns_inst.exe
Volume in drive D is unlabeled Serial number is 4362:1EF5
Directory of d:\tmp\ns_inst.exe
ns_inst.exe 3008531 7-16-96 20:24
3,008,531 bytes in 1 file(s) 3,010,560 bytes allocated
10,551,296 bytes free
Their file delivery CGI could use some work... no reason I can see to
offer the filename 'pick.cgi' for everything. Anyone sniffing the link
knows the filename from previous forms submissions, anyway.
OBRealCrypto: What's the best method for authenticating successive
interactions with a CGI? Currently, the password is being passed clear
as a hidden input field, but I have to believe there's a better way than
that. One point is that the user will not be explicitly ending his
session, but just wandering off to other pages.
- --
Roy M. Silvernail [ ] [email protected]
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from [email protected]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMe7F1hvikii9febJAQErowP+Kk+3RTSSeovzP6NcJquaM3DDwcVt4j1G
KkXlKAAkQ2wTtueMeGsq4XNHf7bzwVOe2oMlqYTYzT2MIHgEvqbizrm3usCXeWK6
5iX1uIXnI3DDBuvCIZGkJs10wFJ6BvhHu3OxAsTadx5CwIMG1wDsLyIqoOs2wyV3
A4Ze99/SmpQ=
=tjRf
-----END PGP SIGNATURE-----