Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption This news is already a week old, but it only got submitted to us today, and I didn't notice it all. As it turns out, two malicious software packages had been uploaded to GNOME-Look.org, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Permalink for comment 400569
To read all comments associated with this story, please click here.
RE: compromised DNS?
by sbergman27 on Mon 21st Dec 2009 17:25 UTC in reply to "compromised DNS?"
sbergman27
Member since:
2005-07-24

i dont understand how this package manager/repo thing works, just wondering if it is possible,for some reason, that we landed on the wrong site/repo because of a compromised/poisoned DNS? so instead of getting pidgin update, we get malware?

Package managers check that the package is properly signed.

Reply Parent Score: 2