
The Case of the Modified Binaries - pcwalton
http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/
======
angry_octet
Tried to download Mozilla Thunderbird lately? Have any luck finding a SHA
checksum for it? It's hidden at:
[http://download.cdn.mozilla.net/pub/mozilla.org/thunderbird/...](http://download.cdn.mozilla.net/pub/mozilla.org/thunderbird/releases/31.2.0/)

You can't get it over SSL. Not to worry, the binary will be signed by Mozilla
right? Yeah, GPG only. Not x.509 signed.

But hey, the online install page supplies it over SSL right? Well, sometimes.
But it turns out they don't enforce SSL use. Cue SSLstrip.

PS On MacOS X 10.9 Apple by default prevents running unsigned binaries. Not to
worry, Mozilla tells you how to bypass the check, not even hinting it has a
very valid purpose.
[https://support.mozilla.org/en-US/kb/firefox-cant-be-opened-...](https://support.mozilla.org/en-US/kb/firefox-cant-be-opened-after-you-install-it-on-mac)

~~~
rockdoe
Uh, in case you didn't notice, those SHA checksums _are also_ PGP signed.

I Googled Mozilla Thunderbird and the first hit was the download page, using
HTTPS. You're right SSL isn't enforced, but that's a chicken and egg problem
for Firefox downloads I guess, now that TLS 1.2 is enforced and the user may
be stuck with a browser not supporting that.

~~~
angry_octet
In case you didn't read, yes I said they were GPG signed. But they don't make
that info available (or linked) on the main download page, you have to google
to find it.

SSL 3 is still fine for protecting integrity, just not confidentiality, so it
is okay for downloads.

------
billpg
It's not enough to check the hash of a downloaded executable if the hash
you're checking against came from the same source as the suspect file.

I find it so infuriating when I see a download page with hashes and the
download links next to each other, as if that's any help at all.

~~~
4ad
The hash is not for cryptographic purposes, it's to detect corrupt downloads.
Ideally you should provide both the hash and you should pgp sign your
releases.

~~~
colanderman
That is bizarre. Like "I thought XMODEM went out of style in 1992" bizarre.
Shouldn't checksumming the payload be performed at the application layer?

(A quick Google shows that indeed it can be: the Content-MD5 header
<http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html>).
Wonder how widely supported it is by HTTP software used by people who like to
check hashes of things they download.)

~~~
adricnet
Well, I understand your reaction, but it may help to point out that there are
three different algorithms involved here and that to ensure content
completeness and ensure security concerns (CIA, NR, etc) you want them all,
and all done correctly:

* Checksums, like in Xmodem or CRC
* Cryptographic hashes (including MACs)
* Cryptographic signatures (ie OpenPGP key or cert)

As noted in the other comments these protect against different kinds of
problems in transmission, but if used correctly in combination can protect
from both glitches and active attacks.

To say that it is difficult to implement all of these correctly and in concert
is a grave understatement, but this is what modern crypto software and network
protocols that use it, have to do.

Now back to the thread on HTTP header checksums :)
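
Added example, not part of the thread or any commenter's code: the distinction drawn above by billpg, 4ad and adricnet, run over constructed sample bytes. It compares a CRC, a SHA-256 listed beside the download, a SHA-256 fetched over a separate channel, and a keyed check; the key and the HMAC (standing in for OpenPGP signature verification against an already-trusted public key) are assumptions.

```python
import hashlib
import hmac
import zlib

# Constructed sample data standing in for a release binary and a modified copy.
ORIGINAL = b"MZ" + bytes(64) + b"original installer payload"
MODIFIED = ORIGINAL + b"<bytes added in transit>"
# Assumption: a key the downloader obtained out of band. HMAC stands in for
# verifying an OpenPGP signature against an already-trusted public key.
TRUSTED_KEY = b"constructed-key-obtained-out-of-band"

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def mac_hex(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def publish(binary, key):
    """Values the publisher lists on the download page beside the file."""
    return {"crc32": zlib.crc32(binary), "sha256": sha256_hex(binary),
            "mac": mac_hex(key, binary)}

def rewrite_same_channel(binary, page):
    """Model a party that controls the download channel: every unkeyed value
    on the page is recomputed for the new binary; the MAC cannot be."""
    return dict(page, crc32=zlib.crc32(binary), sha256=sha256_hex(binary))

def verify(binary, page, key, independent_sha256):
    """Return which checks accept the binary that was actually received."""
    return {
        "crc32": zlib.crc32(binary) == page["crc32"],
        "sha256_same_page": hmac.compare_digest(sha256_hex(binary), page["sha256"]),
        "sha256_independent": hmac.compare_digest(sha256_hex(binary), independent_sha256),
        "mac": hmac.compare_digest(mac_hex(key, binary), page["mac"]),
    }

def scenarios():
    page = publish(ORIGINAL, TRUSTED_KEY)
    reference = sha256_hex(ORIGINAL)  # digest fetched over a separate channel
    glitched = bytes([ORIGINAL[0] ^ 0x01]) + ORIGINAL[1:]  # one flipped bit
    return {
        "clean": verify(ORIGINAL, page, TRUSTED_KEY, reference),
        "glitch": verify(glitched, page, TRUSTED_KEY, reference),
        "rewritten": verify(MODIFIED, rewrite_same_channel(MODIFIED, page),
                            TRUSTED_KEY, reference),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

Every check catches the transmission glitch; only the checks anchored outside the download channel reject the rewritten binary.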

------
seanp2k2
Really hate the Microsoft standard here of "unknown error" everywhere. Is it
really that hard to give a name to those, MS? "File signature verification
issue" would be a million times more helpful. This has always bothered me
deeply with MS software; that it's almost impossible to tell what's happening
from logs / error messages.

~~~
psykovsky
How would they get people to pay for support if the errors were explained in a
clear language?

~~~
peteri
One quick google (but you do need the 0x) and you get to this documentation:

BG_E_VALIDATION_FAILED (0x80200053) The application requested data from a
website, but the response was not valid. For details, use Event Viewer to view
the Application Logs\Microsoft\Windows\Bits-client\Operational log

Which seems pretty clear to me (although plausibly not to an end user).

------
boklm
This exit node is now flagged as BadExit:
[https://atlas.torproject.org/#details/8361A794DFA231D863E109...](https://atlas.torproject.org/#details/8361A794DFA231D863E109FC9EEEF21F4CF09DDD)

------
Animats
Even SSL may not help. Cloudfront is now offering what they call "Flexible
SSL". This means Cloudfront gets an SSL cert which allows them to impersonate
the site, they offer an SSL connection to the user's browser, Cloudfront acts
as a man-in-the-middle and makes a connection to the destination site. An
_unencrypted_ connection in many cases.

This is SSL as security theater.

~~~
icebraining
* Cloudflare

It's obviously not nearly as secure as end-to-end SSL, but it's probably still
useful. The connection between the client's machine and Cloudflare's
server is more likely to be under attack (unencrypted Wifi, hacked personal
routers, _rogue exit TOR nodes_, etc) than the connection between
datacenters.

~~~
justcommenting
not always. as we've learned from the NSA disclosures, there are many layers
of indirection.

~~~
hayksaakian
Would you say it's better than plain HTTP?

Or is the false sense of true security a bigger detriment?

~~~
justcommenting
i think it really depends on your threat model

~~~
aidenn0
This is important; there are cases of "just plain insecure" but other than
that, it's very nuanced.

How about you randomly generate and write all your passwords down on a piece
of paper in your wallet? For many threat models, that's far more secure than
even using a password manager. For other threat models it's far _less_ secure
than using a password manager. Other than things that are just flat-out broken
"more-secure" and "less-secure" don't exist without qualification.

------
tantalor
> this is the only node that I found patching binaries

This suggests the exit relay itself is doing the patching. Isn't it more
likely that some MITM between the exit relay and origin server is responsible?

~~~
icebraining
I don't see why it would be more likely. The exit node explanation is simpler.

------
song
_Companies and developers need to make the conscious decision to host binaries
via SSL/TLS_

Of course the problem with that is that countries with censorship like China
seriously throttle or outright block any SSL connections that are made outside
of the country. And sometimes they even use something like SSL strip to do a
MITM attack with a self signed certificate.

Average users there are also used to seeing self signed certificates locally
and so never even think twice before discarding a message alerting them that an
SSL certificate is not valid.

------
spindritf
_Companies and developers need to make the conscious decision to host binaries
via SSL/TLS_

Yes. And source code, too. If you can't provide ssl for downloads, you should
be using a third party service like GitHub who can.

------
eps
> _If an adversary is currently patching binaries as you download them, these
> ‘Fixit’ executables will also be patched. Since the user, not the automatic
> update process, is initiating these downloads, these files are not
> automatically verified before execution as with Windows Update._

Except that this FixIt binary will have no signature and Windows will light up
like a Xmas tree. So it really comes down to whether you pay attention to
these warnings or you don't. And if you don't, despite all of Microsoft's
effort of the past 10 years, then you get what you deserved.

~~~
darklajid
If you're already able to MITM the user, what about

- patching (more .. corrupting) binaries, hoping to break Windows Update

- intercepting and replacing the top 5 'Make Windows Update work again'
downloads with a (signed if you want) application of your own?

Bonus points for injecting 'Already got this host' into requests from now on,
so that Windows update magically starts working again..

------
notastartup
I wonder how security professionals acquire their knowledge. Even more
curiously, how do these malware writers do this?

Programming can be easily learned by reading and practicing but IT security,
one doesn't know where to begin, what the journey is like.

~~~
yetihehe
You start here:
[http://thelegendofrandom.com/blog/archives/223](http://thelegendofrandom.com/blog/archives/223)
or here
[http://www.reteam.org/ID-RIP/database/essays/es29.htm](http://www.reteam.org/ID-RIP/database/essays/es29.htm)
and spend hundreds of hours on reading and using debuggers.

~~~
notastartup
omg that is so cool!!! so this is how 'serial crackers' work.

