Is this version of PuTTY legit?
Write in from Andy (thanks Andy!) asking today if http://putty.very.rulez.org/ is a legit site to download putty (the popular tool to connect from a Windows box to Unix boxes via Telnet/SSH, etc.).
How did Andy find this site you ask? Well, if you go to Google and type in "Putty" you'll notice that the above URL is SEO'ed ABOVE the actual putty.org website.
So far, when I downloaded both versions (from the above site, and from putty.org) the md5's match up, so right now, they are legit copies. I'm not accusing rulez.org of doing anything inappropriate, don't get that impression. I'm just using an abundance of caution, heck, they may be a legit mirror. But as far as I can tell, they aren't on the authorized mirrors list, found here.
So, we prefer that you get your PuTTY downloads from the correct site. Putty.org. Which, if you click on the download link, it will redirect you to here.
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Which is the actual download link.
Thanks Andy for writing in and staying vigilant about watching those URL's!
UPDATE: A write in reminds us that using gpg to verify the packages is preferred. I agree.
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
Bind patches are out
Several versions of Bind were updated with patches this morning. The patches, according to the release notes found here, read as follows:
"Named could return SERVFAIL for negative responses from unsigned zones."
So if you are running Bind, be sure and update here.
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
Comments