FTA ROM makers: MD5 Checksums


fraser
2nd January 2007, 11:44 PM
Hi All,

Again, someone is replacing files on the FTP site with viruses. It must be someone who is familiar with this site, as they seem to know their way around.

Could all those who upload ROMs please also add the MD5Sum (http://en.wikipedia.org/wiki/Md5sum) for the file in their posts?

MD5 checksums are hash-signatures of the file and will tell those who are downloading that they are untampered files. MD5 sum has been around for a long time and is industry standard. Here (http://www.microsoft.com/downloads/details.aspx?FamilyID=B3C93558-31B7-47E2-A663-7365C1686C08&displaylang=en) is the official Microsoft MD5 utility, and here (http://www.md5summer.org/) is another popular one. Unix/Linux usually has the utility installed as standard as the command "md5sum".

I personally will not be downloading anything from the FTP site ever again, so to those who already provide alternate hosting for ROMs may I say a huge thank you! It's just not worth the risk using the FTP IMHO; the virus essentially erases your computer and you lose everything. And it's not a "virus" as such, so your anti-virus is likely useless against it.

Thanks to all those who work diligently on their ROMs. If those who release them could do this, I would be even more grateful to them than I already am.

Regards,

Fraser.

imatrix
3rd January 2007, 12:45 AM
We need proper login. Whoever controls the FTP may wanna set up different access for those they trust, different from anonymous users. Also turn on the logs for all activities on FTP.

Biohead
3rd January 2007, 05:54 PM
Yeah, I'm with you on this too. I've restrained myself from downloading Helmis 1.4, and any more in future, for this fact. At the current time I can't risk it as I have important coursework in progress.

Juggles
3rd January 2007, 09:19 PM
I have spoken to MDAIIIUser about the problem as well. He came up with the simple solution.....

The UPLOAD folder has access freely available to anyone using the WIKI ... The rom uploaders have now, I believe, received the password to upload the roms to a more secure part of the site. The EASIEST way to prevent that happening again is to post the file size on the site.. and provide mirrors...

Unfortunately it will only be a question of time until the FTP site gets trashed again.. and be honest.. some people using this forum have a problem finding the instructions to flash a rom using the Wiki.. do you think an MD hash is going to solve it??

fraser
4th January 2007, 11:11 AM
I have spoken to MDAIIIUser about the problem as well. He came up with the simple solution.....


Good stuff, I'm very happy to hear you guys are dealing with this.

The EASIEST way to prevent that happening again is to post the file size on the site.. and provide mirrors...
I'd much prefer MD5 over filesize as the filesize is easily manipulated. Especially in archive files. Using filesize is a false security and therefore it actually makes it less secure. People have debated this issue over and over and things like MD5 always win out. The only real alternative is digital signing and that's a lot more complicated.

Unfortunately it will only be a question of time until the FTP site gets trashed again.. and be honest.. some people using this forum have a problem finding the instructions to flash a rom using the Wiki.. do you think an MD hash is going to solve it??
That's their problem unfortunately. Security conscious people have been posting MD5s for years, but most folk don't always check. Most automated build scripts I've used that automatically downloaded libraries from untrusted sites have MD5 built in to force it. Just look in any mature makefile on a large project.
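
An added example, not part of the original thread: a Python sketch of the check discussed above, showing that a replaced file of identical size passes a file-size comparison but fails the comparison against the posted MD5. The file contents, file names and the `verify_download` helper are constructed for illustration; the `algorithm` parameter accepts any name `hashlib` supports, such as `sha256`.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=1 << 16):
    """Hash a file in chunks so large ROM images need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, posted_digest, posted_size=None, algorithm="md5"):
    """Return (size_ok, digest_ok) for a file against the uploader's posted values."""
    size_ok = posted_size is None or os.path.getsize(path) == posted_size
    actual = file_digest(path, algorithm)
    # Normalise the posted value: forum posts often carry stray spaces or upper case.
    digest_ok = hmac.compare_digest(actual, posted_digest.strip().lower())
    return size_ok, digest_ok


def demo():
    """Constructed sample: an original file and a same-size replacement."""
    original = b"ROM-IMAGE-v1.4 " + b"\x00" * 1000 + b"END"
    # Same length, different content: the change a size-only check cannot see.
    replaced = b"ROM-IMAGE-v1.4 " + b"\xff" * 1000 + b"END"
    posted_size = len(original)
    posted_md5 = hashlib.md5(original).hexdigest()  # what the uploader would post

    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("original", original), ("replaced", replaced)):
            path = os.path.join(d, name + ".bin")
            with open(path, "wb") as f:
                f.write(data)
            results[name] = verify_download(path, posted_md5, posted_size)
    return results


if __name__ == "__main__":
    for name, (size_ok, digest_ok) in demo().items():
        print(f"{name}: size match={size_ok}, md5 match={digest_ok}")
```

The check is only as trustworthy as the place the digest is read from, so the posted value should come from the uploader's forum post rather than from a file sitting beside the download on the same FTP server.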