Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: ZenMap executables not digitally signed
From: Fyodor <fyodor () insecure org>
Date: Tue, 8 Mar 2011 02:21:52 -0800

On Tue, Mar 08, 2011 at 09:25:15AM +0200, Costas Alexiou wrote:
My concern is that while i am using Zenmap latest Windows edition and
try to verify the nmap executable the procexp (Sysinternals Tool) is
showing me that cannot be verified.

So i am wondering if the nmap executables are digitally signed or not.
Because if they are may i am using a an executable that is infected
and that drives me mad.

Hi Costas.  We don't use this because it is Windows only.  Also, I'm
not sure how secure it is against the threat of rogue DLLs injecting
malware when they are used by the signed executable.  Rather, we use
this cross-platform technique to sign our downloads:

http://nmap.org/book/install.html#inst-integrity

If you saved your Nmap installer, you can still check that it is
authentic.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]