Fwd: The Case of the Modified Binaries / Downloading binaries through plain http:// 2015-08-24

It seems I forgot to forward this when it blew my mind the first time. If you still need a reason to not download binaries from http:// URLs, this is it:

The Case of the Modified Binaries
http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/

While SourceForge is another story, they are an example of a website offering binaries through plain http://, e.g. http://downloads.sourceforge.net/project/filezilla/FileZilla_Client/3.13.0/FileZilla_3.13.0_win32-setup.exe. Oh my.

Leave a Reply

You must be logged in to post a comment.