I don't know if you read the advisory, but the issue is not about mp3's being modified in transit. They will be modified before they are sent, thus the checksum will be regenerated after they are patched/infected and before the downloading user has even seen the initial checksum. And silly antivirus programs dont check mp3 files for malicious headers and such, nor are there any signatured for the hydra.
you're an idiot. did you even read the advisory? it explains that it passively fingerprints the remote host to determine the os. it also includes an example of a linux implementation developed outside of the riaa agreement, so dont say linux is not exploitable. at least read the advisory before you start shitting all over yourself.
Slashdot Mirror
I don't know if you read the advisory, but the issue is not about mp3's being modified in transit. They will be modified before they are sent, thus the checksum will be regenerated after they are patched/infected and before the downloading user has even seen the initial checksum. And silly antivirus programs dont check mp3 files for malicious headers and such, nor are there any signatured for the hydra.
Yeah, right. That makes all implementations of linux immune to this method of exploitation.
yes it is. check again.
you're an idiot. did you even read the advisory? it explains that it passively fingerprints the remote host to determine the os. it also includes an example of a linux implementation developed outside of the riaa agreement, so dont say linux is not exploitable. at least read the advisory before you start shitting all over yourself.