Re: Infecting the KaZaA network? (unlikely)

From: Adam Lydick (awlydickat_private)
Date: Wed Feb 06 2002 - 17:12:18 PST


    The simple solution to that, and what they probably do: is provide the
    MD5 sum of the latest binary from a central location. This is
    considerably less costly to distribute than the entire binary, and
    unless someone comes up with a trojan'ed version with the same hash
    (rather unlikely) it is perfectly safe to download it from anywhere.
    
    Another solution that they might employ is a digital signature. The
    first version that you download comes from a trusted source and contains
    KaZaA's public key. They could then sign any binaries that they release
    with their private key. When you download the updates from an untrusted
    source, it is simply a matter of verifying the signature is from KaZaA.
    
    It seems rather unlikely that you could infect the network in this way,
    or it would have already happened through normal vectors (people with
    virii on their machines). But you could probably verify this behavior, by
    modifying a few bits in an upgrade and seeing if it will still work...
    Depending on where they place the authentication code, if any.
    
    Many projects face a similar problem with their mirror sites and many of
    them provide md5 sums for their files so that you can verify it is
    uncorrupted/altered.
    
    Adam Lydick
    
    On Wed, 2002-02-06 at 15:10, Andrew McClymont wrote:
    > I just found out a folder named "My shared folder" under the KaZaA
    > installation folder.
    > 
    > Inside "My shared folder" there were various KaZaA installshield
    > packages (exe files).
    > 
    > Now, the people at FastTrack promote their engine as a distributed way
    > to send files to end users. This is seen when you download KaZaA, you get
    > a little exe (500 k) that downloads the full KaZaA client from one of
    > its users, I would guess, from the "My shared folder".
    > 
    > What happens if I infect the files under "My shared folder" with a virii
    > or some trojan, every user that gets their KaZaA client from my computer
    > gets screwed, right?  And then, the victim himself will be sharing the
    > KaZaA client infected to new victims.
    > 
    > Just wondering... Have a nice day!!
    > -Andrew McClymont
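The two checks Adam describes above (comparing a downloaded binary against a centrally published hash, and verifying a vendor signature with a public key shipped in the first trusted download), plus his suggested "flip a few bits and see if it still verifies" experiment, worked through in Python. This is an added example, not code from the thread or from KaZaA/FastTrack; the update blob is a constructed stand-in for an installer package, the `digest`/`verify_update`/`flip_bit` names are this example's own, and the signature helpers assume the third-party `cryptography` package (Ed25519) is installed. The post uses MD5; because practical MD5 collisions have been demonstrated since 2004, the example defaults to SHA-256 and keeps MD5 only as a selectable algorithm.

```python
import hashlib
import hmac

# Constructed sample "update binary" standing in for a KaZaA installer package.
# Any real deployment would hash/sign the actual file bytes on disk.
UPDATE_BLOB = b"KAZAA-UPDATE-1.3.1 " + bytes(range(256)) * 4


def digest(blob: bytes, algo: str = "sha256") -> str:
    """Hex digest of the blob; the value a vendor would publish centrally."""
    return hashlib.new(algo, blob).hexdigest()


def verify_update(blob: bytes, published_digest: str, algo: str = "sha256") -> bool:
    """Check a blob fetched from an untrusted peer against a digest obtained
    from a trusted channel. The digest itself must be fetched securely; if an
    attacker can replace both the binary and the published hash, the check
    proves nothing. compare_digest avoids timing differences on mismatch."""
    return hmac.compare_digest(digest(blob, algo), published_digest.lower())


def flip_bit(blob: bytes, bit_index: int) -> bytes:
    """Adam's experiment: modify a few bits of an upgrade and see whether
    the client still accepts it."""
    data = bytearray(blob)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)


def tamper_survives_check(blob: bytes, published_digest: str, bit_index: int,
                          algo: str = "sha256") -> bool:
    """True only if a single-bit modification still passes verification,
    which for a sound hash check should never happen."""
    return verify_update(flip_bit(blob, bit_index), published_digest, algo)


# --- Signature variant: public key pinned from the first trusted download ---

def make_vendor_keypair():
    """Hypothetical vendor keypair (assumes the `cryptography` package).
    Returns (private_key, raw_public_key_bytes); the raw public key is what
    would ship inside the first, trusted copy of the client."""
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import ed25519
    priv = ed25519.Ed25519PrivateKey.generate()
    pub_raw = priv.public_key().public_bytes(
        serialization.Encoding.Raw, serialization.PublicFormat.Raw)
    return priv, pub_raw


def sign_update(priv, blob: bytes) -> bytes:
    """Vendor side: sign the release with the private key."""
    return priv.sign(blob)


def verify_signed_update(pub_raw: bytes, blob: bytes, signature: bytes) -> bool:
    """Client side: accept an update from any peer only if the signature
    checks out under the pinned vendor public key."""
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives.asymmetric import ed25519
    try:
        ed25519.Ed25519PublicKey.from_public_bytes(pub_raw).verify(signature, blob)
        return True
    except InvalidSignature:
        return False


if __name__ == "__main__":
    published = digest(UPDATE_BLOB)
    print("clean update verifies:", verify_update(UPDATE_BLOB, published))
    print("bit-flipped update verifies:", tamper_survives_check(UPDATE_BLOB, published, 777))
    print("same check with md5:", verify_update(UPDATE_BLOB, digest(UPDATE_BLOB, "md5"), "md5"))
    try:
        priv, pub = make_vendor_keypair()
        sig = sign_update(priv, UPDATE_BLOB)
        print("signed update verifies:", verify_signed_update(pub, UPDATE_BLOB, sig))
        print("signed then bit-flipped verifies:",
              verify_signed_update(pub, flip_bit(UPDATE_BLOB, 777), sig))
    except ImportError:
        print("cryptography package not installed; signature demo skipped")
```

The hash route only works if the published digest is fetched from somewhere the peer network cannot tamper with; the signature route removes that dependency because the verifying key is already inside the trusted first download, so the update and its signature can both travel through untrusted peers.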
    



    This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 13:50:51 PST