setup.exe hijacked?
Dave Korn
dave.korn.cygwin@googlemail.com
Thu Sep 10 09:57:00 GMT 2009
Michael PARKER wrote:
> I've just tried downloading setup.exe from www.cygwin.com, only to find that it crashes when run on my WinXP x64 desktop.
>
> Verifying against the setup.exe.sig signature I see the following:
>
>> gpg --verify setup.exe.sig setup.exe
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Jun 16 03:50:01 2009 GMTDT using DSA key ID 676041BA
> gpg: BAD signature from "Cygwin <cygwin@cygwin.com>
>
> Running a diff on the "strings" output of the new file vs. a "known good" version of setup.exe, I see (amongst garbage) the following:
> Any thoughts?
I can't reproduce this locally:
> $ wget http://cygwin.com/setup.exe
> --2009-09-10 11:09:45-- http://cygwin.com/setup.exe
> Resolving cygwin.com... 209.132.176.174
> Connecting to cygwin.com|209.132.176.174|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 585728 (572K) [application/octet-stream]
> Saving to: `setup.exe'
>
> 100%[======================================>] 585,728 121K/s in 5.2s
>
> 2009-09-10 11:09:51 (110 KB/s) - `setup.exe' saved [585728/585728]
>
>
> admin@ubik /tmp
> $ wget http://cygwin.com/setup.exe.sig
> --2009-09-10 11:09:51-- http://cygwin.com/setup.exe.sig
> Resolving cygwin.com... 209.132.176.174
> Connecting to cygwin.com|209.132.176.174|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 65 [application/octet-stream]
> Saving to: `setup.exe.sig'
>
> 100%[======================================>] 65 --.-K/s in 0s
>
> 2009-09-10 11:09:51 (1.30 MB/s) - `setup.exe.sig' saved [65/65]
>
>
> admin@ubik /tmp
> $ gpg --verify setup.exe.sig
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Jun 16 03:50:01 2009 GMTDT using DSA key ID 676041BA
> gpg: Good signature from "Cygwin <cygwin@cygwin.com>"
>
> admin@ubik /tmp
> $
How did you download it? I would suspect your browser is hijacked; try wget.
cheers,
DaveK
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list