October 29th, 2004, 02:05 PM
Fake email targets Red Hat Linux
Source : http://www.news.com.au/common/story_...E15306,00.html
LINUX distributor Red Hat has warned about an email scam designed to lure users of its open source software to download a fake update.
The emails appear to come from Red Hat's security team and urge users to download and run a supposed update from their home directory.
The update appeared to contain malicious code, Red Had said in an online security advisory.
"Official messages from the Red Hat security team are never unsolicited, are always sent from the address firstname.lastname@example.org
and are digitally signed by GPG," the advisory said.
"All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified."
October 29th, 2004, 02:09 PM
December 4th, 2004, 04:30 AM
Sorry to go off topic here, but they mentioned digitally signed updates (or software for that matter). My question is how do they accomplish this, and wouldn't an attacker be able to generate this same digital code?