Hello.
i just realized the Mikrotik download site "http://www.mikrotik.com/download" is http only, and I can't find anywhere to verify the hash/signature securely, so how can I make sure the resources I downloaded are legit?
Thanks.
Do not lost time with this things.Here's the update.
I emailed to mikrotik support about this issue because it's a pretty important one that affect security, one of the support man kindly enabled https for the download page (I'm not publishing his name in regards of privacy).
However the actual download link is still http only and the md5 hash is not strong enough, combine them together will still allow MIM attack, I emailed back and hope it will get fixed too.
What about netinstall?Do not lost time with this things.Here's the update.
I emailed to mikrotik support about this issue because it's a pretty important one that affect security, one of the support man kindly enabled https for the download page (I'm not publishing his name in regards of privacy).
However the actual download link is still http only and the md5 hash is not strong enough, combine them together will still allow MIM attack, I emailed back and hope it will get fixed too.
Internal procedure of routeros check if the packages are signed and have valid crc before installing any third party software.
Of course encryption and security is not for everyone, especially not for a stupid asshole like you.Those hours would be better spent working on RouterOS and Winbox.
Damn paranoic morons :-E