mailing list archives
Re: ZenMap executables not digitally signed
From: Fyodor <fyodor () insecure org>
Date: Tue, 8 Mar 2011 02:21:52 -0800
On Tue, Mar 08, 2011 at 09:25:15AM +0200, Costas Alexiou wrote:
My concern is that while i am using Zenmap latest Windows edition and
try to verify the nmap executable the procexp (Sysinternals Tool) is
showing me that cannot be verified.
So i am wondering if the nmap executables are digitally signed or not.
Because if they are may i am using a an executable that is infected
and that drives me mad.
Hi Costas. We don't use this because it is Windows only. Also, I'm
not sure how secure it is against the threat of rogue DLLs injecting
malware when they are used by the signed executable. Rather, we use
this cross-platform technique to sign our downloads:
If you saved your Nmap installer, you can still check that it is
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/