Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2010-05-20 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Is this version of PuTTY legit?

Published: 2010-05-20
Last Updated: 2010-05-20 18:07:56 UTC
by Joel Esler (Version: 2)
6 comment(s)

Write in from Andy (thanks Andy!) asking today if http://putty.very.rulez.org/ is a legit site to download putty (the popular tool to connect from a Windows box to Unix boxes via Telnet/SSH, etc.).

How did Andy find this site you ask?  Well, if you go to Google and type in "Putty" you'll notice that the above URL is SEO'ed ABOVE the actual putty.org website.

So far, when I downloaded both versions (from the above site, and from putty.org) the md5's match up, so right now, they are legit copies.  I'm not accusing rulez.org of doing anything inappropriate, don't get that impression.  I'm just using an abundance of caution, heck, they may be a legit mirror.  But as far as I can tell, they aren't on the authorized mirrors list, found here.

So, we prefer that you get your PuTTY downloads from the correct site.  Putty.org.  Which, if you click on the download link, it will redirect you to here.

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Which is the actual download link.  

Thanks Andy for writing in and staying vigilant about watching those URL's!

UPDATE: A write in reminds us that using gpg to verify the packages is preferred.  I agree.

 

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

 

Keywords:
6 comment(s)

Bind patches are out

Published: 2010-05-20
Last Updated: 2010-05-20 13:40:53 UTC
by Joel Esler (Version: 1)
2 comment(s)

Several versions of Bind were updated with patches this morning.  The patches, according to the release notes found here, read as follows:

"Named could return SERVFAIL for negative responses from unsigned zones."

So if you are running Bind, be sure and update here.

 

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Keywords:
2 comment(s)
Diary Archives