On the issue of downloading files from untrusted sites #2

As I promised, I am going to describe a couple of ideas that occurred to me while I was going through the vulnerability in VMware products. Here is the first one. More than a year ago I wrote about the threats of downloading an OS from p2p networks, and one of my Russian readers told me that it is quite safe if you know the correct hash value for the ISO image. Unfortunately, my recent post about the vulnerability has shown that opinion to be not quite correct. You see, when a file is downloaded from a p2p network, it is sometimes accompanied by some unnecessary files, so it is pretty easy to trigger such a trap. Therefore, there are actually no safe p2p downloads.

P.S. BTW, a hash provides only reasonably good protection – it is not a silver bullet. It is not necessarily unique for every file of the same size.
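
An added example, not part of the original post: a known-good hash vouches only for the one file it was computed over, so this sketch audits a whole download directory against an allowlist and reports every file that arrived alongside the ISO. The file names, the sample bytes and the `audit_download` helper are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large ISO images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def audit_download(root, expected):
    """Compare every file under root with expected = {relative_path: sha256_hex}."""
    findings = {"ok": [], "mismatch": [], "missing": [], "unexpected": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in expected:
                # Not covered by any published hash: treat as untrusted.
                findings["unexpected"].append(rel)
            elif sha256_file(full) == expected[rel].lower():
                findings["ok"].append(rel)
            else:
                findings["mismatch"].append(rel)
    findings["missing"] = sorted(set(expected) - seen)
    for key in findings:
        findings[key].sort()
    return findings


def demo():
    """Constructed sample: one verified ISO plus one companion file nobody vouched for."""
    with tempfile.TemporaryDirectory() as root:
        iso = os.path.join(root, "os-image.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed ISO bytes")
        with open(os.path.join(root, "extra-file.bin"), "wb") as f:
            f.write(b"constructed companion file")
        # In practice the expected hash comes from the publisher over a trusted channel.
        expected = {"os-image.iso": sha256_file(iso)}
        return audit_download(root, expected)


if __name__ == "__main__":
    print(demo())
```

Anything listed under `unexpected` should be removed, or the verified file moved on its own into a clean directory, before the image is opened.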