Hello.
i just realized the Mikrotik download site “http://www.mikrotik.com/download” is http only, and I can’t find anywhere to verify the hash/signature securely, so how can I make sure the resources I downloaded are legit?
Thanks.
Here’s the update.
I emailed to mikrotik support about this issue because it’s a pretty important one that affect security, one of the support man kindly enabled https for the download page (I’m not publishing his name in regards of privacy).
However the actual download link is still http only and the md5 hash is not strong enough, combine them together will still allow MIM attack, I emailed back and hope it will get fixed too.
Do not lost time with this things.
Internal procedure of routeros check if the packages are signed and have valid crc before installing any third party software.
What about netinstall?
Also Winbox?
Update: Now the download site is all https supported, thank you mikrotik!
Of course encryption and security is not for everyone, especially not for a stupid asshole like you.
I do this in hoping routeros getting better, a hardened security is not only for me, but for every true genius loving Routeros.
If you don’t understand, you can keep silent; but if you insult me, I will not respect you any more.
Well, all kind of security measures will definitely bring MikroTik closer to the requirements that most enterprise customers have nowadays. That includes even small steps like to securing the download areas…
Security is essential, it have to be considered prior to any other functions. No exceptions, no excuse.
People here seems not care much about that, however that’s not my business, I care, so I fight for it.
One don’t even need to be here if he have as little brain as Jajeblonsky do.