setup.exe hijacked?

Dave Korn dave.korn.cygwin@googlemail.com
Thu Sep 10 09:57:00 GMT 2009 

Michael PARKER wrote:
> I've just tried downloading setup.exe from www.cygwin.com, only to find that it crashes when run on my WinXP x64 desktop. 
> 
> Verifying against the setup.exe.sig signature I see the following:
> 
>> gpg --verify setup.exe.sig setup.exe
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Jun 16 03:50:01 2009 GMTDT using DSA key ID 676041BA
> gpg: BAD signature from "Cygwin <cygwin@cygwin.com>
> 
> Running a diff on the "strings" output of the new file vs. a "known good" version of setup.exe, I see (amongst garbage) the following:

> Any thoughts?

  I can't reproduce this locally:

> $ wget http://cygwin.com/setup.exe
> --2009-09-10 11:09:45--  http://cygwin.com/setup.exe
> Resolving cygwin.com... 209.132.176.174
> Connecting to cygwin.com|209.132.176.174|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 585728 (572K) [application/octet-stream]
> Saving to: `setup.exe'
> 
> 100%[======================================>] 585,728      121K/s   in 5.2s
> 
> 2009-09-10 11:09:51 (110 KB/s) - `setup.exe' saved [585728/585728]
> 
> 
> admin@ubik /tmp
> $ wget http://cygwin.com/setup.exe.sig
> --2009-09-10 11:09:51--  http://cygwin.com/setup.exe.sig
> Resolving cygwin.com... 209.132.176.174
> Connecting to cygwin.com|209.132.176.174|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 65 [application/octet-stream]
> Saving to: `setup.exe.sig'
> 
> 100%[======================================>] 65          --.-K/s   in 0s
> 
> 2009-09-10 11:09:51 (1.30 MB/s) - `setup.exe.sig' saved [65/65]
> 
> 
> admin@ubik /tmp
> $ gpg --verify setup.exe.sig
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Jun 16 03:50:01 2009 GMTDT using DSA key ID 676041BA
> gpg: Good signature from "Cygwin <cygwin@cygwin.com>"
> 
> admin@ubik /tmp
> $

  How did you download it?  I would suspect your browser is hijacked; try wget.

    cheers,
      DaveK


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list