I must be getting old because this stuff is way over my head!!
Is it possible to put out a step by step procedure to do the stuff
that is required to get this to work?? Here on the reflector??
I tried to look at the info and the gnupg site but I can't make heads or
tales of it!!
Many Thanks for any help...
73,
Ted K2QMF
On Sun, 2 Oct 2016 21:37:27 +0000 "Wayne, W5XD" <w5xd@writelog.com>
writes:
> All WriteLog users.
>
> The security issues involving downloaded software not new, but the
> intensity of hacker attacks has grown over the years since we first
> started providing WriteLog downloads. A serious security incident
> happened in August with Audacity--a sound package that I happen to
> highly recommend, and whose download procedures has some similarity
> with
> WriteLog's. That incident is described here:
>
> http://www.audacityteam.org/compromised-download-partner/
>
> We at Writelog cannot absolutely guarantee that what happened to
> audacity--hackers replacing a popular download with malware--cannot
> also
> happen at writelog.com. We--and the hosting service we purchase
> from,
> qth.com--make our best efforts to secure the site. But, as
> described
> above, hackers are working continuously to find holes.
>
> The WriteLog team provides a second line of defense against such an
> attack, and we have provided this digital signing for many years
> (at
> least since 2012.) It is described here:
>
> http://writelog.com/notes/about-pgp-sigs
>
> The second line of defense is NOT automatic. You have to learn how
> to
> verify the integrity of downloads using a tool (and I recommend the
> one
> at https://gnupg.org/) If you do not know what I am talking about,
> then
> you need to read the whole page at
> http://writelog.com/notes/about-pgp-sigs, you need to install
> gnupg,
> download WriteLog's public certificate, and get in the habit of
> checking
> the .sig file that WriteLog provides when you download an
> installer.
>
> Windows does provide built-in automatic methods to verify digital
> signatures (i.e. that don't require you to manually run a public
> key
> verification), but we don't currently have them. That is because
> Microsoft does not give those certificates away, we're on a budget,
> and
> we think our users are technically inclined ham radio operators that
> know how to handle technology and they like their software to be
> low
> cost (gnupg is free).
>
> We cannot prevent WriteLog users from ignoring that second line of
> defense. If you do ignore it, then you're depending solely on the
> integrity of the web security at writelog.com.
>
> Wayne
>
>
> _______________________________________________
> WriteLog mailing list
> WriteLog@contesting.com
> http://lists.contesting.com/mailman/listinfo/writelog
> WriteLog on the web: http://www.writelog.com/
>
____________________________________________________________
How To Remove Lip Lines & Aging Eye Bags In Under 3 Minutes
Health News 24
http://thirdpartyoffers.juno.com/TGL3141/57f422d938f1522d8019ast02vuc
_______________________________________________
WriteLog mailing list
WriteLog@contesting.com
http://lists.contesting.com/mailman/listinfo/writelog
WriteLog on the web: http://www.writelog.com/
|