View Single Post
  #5  
Old 06-23-2007, 12:30 PM
Timmy Timmy is offline
Registered User
 
Join Date: Feb 2005
Posts: 98
Smile

One thing that I never understood about providing a hash for software distribution verification is: If an attacker is able to gain access to the distribution servers and modify the application distribution, then doesn't it stand to reason that they could also replace the webpage or file that gives the hash sting with a modified hash of the altered distribution...?

What am I missing here?
Reply With Quote