Linked by Thom Holwerda on Wed 16th Dec 2009 21:38 UTC, submitted by whorider
Privacy, Security, Encryption This news is already a week old, but it only got submitted to us today, and I didn't notice it all. As it turns out, two malicious software packages had been uploaded to, masquerading as valid .deb packages (a GNOME screensaver and theme, respectively).
Thread beginning with comment 400569
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: compromised DNS?
by sbergman27 on Mon 21st Dec 2009 17:25 UTC in reply to "compromised DNS?"
Member since:

i dont understand how this package manager/repo thing works, just wondering if it is possible,for some reason, that we landed on the wrong site/repo because of a compromised/poisoned DNS? so instead of getting pidgin update, we get malware?

Package managers check that the package is properly signed.

Reply Parent Score: 2