WriteLog
[Top] [All Lists]

Re: [WriteLog] Security warning for any downloaded software

To: w5xd@writelog.com
Subject: Re: [WriteLog] Security warning for any downloaded software
From: <k2qmf@juno.com>
Date: Tue, 4 Oct 2016 17:42:52 -0400
List-post: <writelog@contesting.com">mailto:writelog@contesting.com>
I must be getting old because this stuff is way over my head!!

Is it possible to put out a step by step procedure to do the stuff
that is required to get this to work??  Here on the reflector??

I tried to look at the info and the gnupg site but I can't make heads or
tales of it!!

Many Thanks for any help...

73,
Ted  K2QMF



On Sun, 2 Oct 2016 21:37:27 +0000 "Wayne, W5XD" <w5xd@writelog.com>
writes:
> All WriteLog users.
> 
> The security issues involving downloaded software not new, but the
> intensity of hacker attacks has grown over the years since we first
> started providing WriteLog downloads. A serious security incident
> happened in August with Audacity--a sound package that I happen to
> highly recommend, and whose download procedures has some similarity 
> with
> WriteLog's. That incident is described here:
> 
>     http://www.audacityteam.org/compromised-download-partner/
> 
> We at Writelog cannot absolutely guarantee that what happened to
> audacity--hackers replacing a popular download with malware--cannot 
> also
> happen at writelog.com. We--and the hosting service we purchase 
> from,
> qth.com--make our best efforts to secure the site. But, as 
> described
> above, hackers are working continuously to find holes.
> 
> The WriteLog team provides a second line of defense against such an
> attack, and we have provided this digital signing for many years 
> (at
> least since 2012.) It is described here:
> 
>     http://writelog.com/notes/about-pgp-sigs
> 
> The second line of defense is NOT automatic. You have to learn how 
> to
> verify the integrity of downloads using a tool (and I recommend the 
> one
> at https://gnupg.org/) If you do not know what I am talking about, 
> then
> you need to read the whole page at
> http://writelog.com/notes/about-pgp-sigs, you need to install 
> gnupg,
> download WriteLog's public certificate, and get in the habit of 
> checking
> the .sig file that WriteLog provides when you download an 
> installer.
> 
> Windows does provide built-in automatic methods to verify digital
> signatures (i.e. that don't require you to manually run a public 
> key
> verification), but we don't currently have them. That is because
> Microsoft does not give those certificates away, we're on a budget, 
> and
> we think our users are technically inclined ham radio operators that
> know how to handle technology and they like their software to be 
> low
> cost (gnupg is free).
> 
> We cannot prevent WriteLog users from ignoring that second line of
> defense. If you do ignore it, then you're depending solely on the
> integrity of the web security at writelog.com.
> 
> Wayne
> 
> 
> _______________________________________________
> WriteLog mailing list
> WriteLog@contesting.com
> http://lists.contesting.com/mailman/listinfo/writelog
> WriteLog on the web:  http://www.writelog.com/
> 

____________________________________________________________
How To Remove Lip Lines & Aging Eye Bags In Under 3 Minutes
Health News 24
http://thirdpartyoffers.juno.com/TGL3141/57f422d938f1522d8019ast02vuc
_______________________________________________
WriteLog mailing list
WriteLog@contesting.com
http://lists.contesting.com/mailman/listinfo/writelog
WriteLog on the web:  http://www.writelog.com/

<Prev in Thread] Current Thread [Next in Thread>