TOR Network: Modified Binaries While Downloading

Tor was originally intended to help journalists and activists gain more anonymity on the net. But being more anonymous does not mean you are more secure when you use the Tor network to download binary data (executables such as EXE files, etc.) without encryption and without transfer validation (MD5 checksum, PGP signature, etc.). The possibility of altering downloaded binaries was demonstrated by Leviathan Security: http://www.youtube.com/watch?v=LjUN9MACaTs

The attacker uses a binary patching framework such as BDF together with a proxy server (e.g. BDFProxy) to alter any unencrypted binary on the fly, inserting precompiled rootkit code into "code caves" (regions of the binary filled with zeros). This appears to be a more widespread practice than expected. You should be cautious when using proxy servers and services like Tor.

To prevent this kind of attack, always download files over a strong SSL/TLS connection and, where possible, validate them against an MD5 checksum or PGP signature.

Wintendo users are lucky this time: Leviathan Security reports that Windows PE update files were detected as modified by the update verification process. This does not apply to other binaries that are downloaded manually or by any other automated, user-defined update tool. You should always check that your download is valid whenever MD5 checksums are provided.

A Linux user should normally not run into these problems, since they compile any binary from source (e.g. cross-compilers, etc.). The usual procedure looks like this: download source -> patch -> configure -> compile. Always check downloaded archives against an MD5 checksum or PGP signature. If you use a distribution with precompiled binaries you need not worry, since those files are normally validated during the update process (using apt, yum, etc.).

Mac users are a more common target for this form of attack, since most apps are not available as source code. The update process should not be affected, since checking downloads against an MD5 checksum or PGP signature is standard in the Unix universe. You should always validate your manually downloaded binaries when possible.
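As an added example (not from the post or from Leviathan Security), the check the paragraphs above recommend, in Python against a constructed stand-in binary and a constructed sha256sum-style checksum list: the tamper model overwrites bytes inside the zero-filled region so the file size stays the same, and only the digest comparison catches it. SHA-256 is used in place of MD5 since MD5 is no longer collision-resistant; the filename tool.bin and the list format are assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for a downloaded executable: a short header, some "code",
# a zero-filled region (the kind of "code cave" the post describes) and a tail.
ORIGINAL = b"MZ" + bytes(range(64)) + b"\x00" * 128 + b"END"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed checksum list in sha256sum format. In practice this file comes from
# the vendor over HTTPS (or is itself PGP-signed), not over the same proxied channel.
SUMS_TEXT = f"{sha256_hex(ORIGINAL)}  tool.bin\n# comment lines are ignored\n"

def parse_sums(text: str) -> dict[str, str]:
    """Parse '<hex digest>  <filename>' lines (a leading '*' marks binary mode)."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        sums[name.lstrip(" *")] = digest.lower()
    return sums

def verify(data: bytes, name: str, sums: dict[str, str]) -> bool:
    """True only if a digest is listed for `name` and matches the data."""
    expected = sums.get(name)
    if expected is None:
        return False                      # no published digest: treat as unverified
    return hmac.compare_digest(sha256_hex(data), expected)

def tampered_copy(data: bytes) -> bytes:
    """Constructed tamper model: overwrite bytes inside the zero region so the
    file length is unchanged. A size check alone would not notice this."""
    cave = data.index(b"\x00" * 128)
    patch = b"\xcc" * 16                  # placeholder bytes, not real code
    return data[:cave] + patch + data[cave + len(patch):]

if __name__ == "__main__":
    sums = parse_sums(SUMS_TEXT)
    bad = tampered_copy(ORIGINAL)
    print("original verifies:", verify(ORIGINAL, "tool.bin", sums))   # True
    print("same length after tamper:", len(bad) == len(ORIGINAL))     # True
    print("tampered verifies:", verify(bad, "tool.bin", sums))        # False
```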

Source: http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/


How to protect yourself:

Windows:

- a firewall with execution/memory system hook support, meaning you can control what a process is allowed to do, much like SELinux does.

- antivirus software that scans and updates frequently.

- manage the rights of users and processes.

- validate your downloads.


Linux:

- use a PaX/grsecurity kernel + UBAC + SELinux. Follow the guidelines of your Linux distributor. I would recommend starting with Fedora/Debian/Ubuntu and switching to Gentoo or vanilla once you have gained enough knowledge to handle a Linux system on your own.

- do not compile source code and run its binaries if you are not aware of what it does.

- validate your downloads.


OSX:

- configure your environment: OSX comes with an implementation of SELinux (MLS) and other security fixes. Compared to Linux it is easy to set up through a graphical user interface.

- manage the process, user, filesystem, etc. rights and directives for any application or process that could be critical to your system's security.

- validate your downloads.

Posted by n4sh in Security
