On Tue, Feb 23, 2016 at 09:39:24AM +0800, Gener Badenas wrote:


On Tue, Feb 23, 2016 at 3:23 AM, Thomas Schmitt <[1]scdbac...@gmx.net> wrote:

   Hi,

   > [2]http://thehackernews.com/2016/02/linux-mint-hack.html

   A virus of 1.5 GiB size.

   Does anybody know a download URL for such an infected ISO image ?
   (I am curious whether they used my software or mkisofs or something
   unusual.)


Will people downloading the linix mint from torrent be affected?

From what I read[1], a torrent file contains a list of the files being shared. That list details, for each file, the file's name, it's length and a series of SHA-1 hashes over the file. Now, the torrent file IS suspectable to the same problem: namely, if you fake the hashes in the torrent file, then you can claim that your malicious download is genuine. But if you already have the torrent file from before the attack (say, you are in the process of downloading it), then the hacker's task is made inordinately harder.

It's difficult to provide a malicious ISO with the same MD5 as another, but not impossible. You can just append a certain amount of junk data until the hashes match. Similarly, you CAN do the same with SHA-1 (hash collisions ARE possible, but extraordinarily hard).

However, if you have to match an existing SHA-1 hash *and* you have to keep the length the same *and* the file has to be coherent enough to work (presumably the hacker's intention was to infect a target system with this ISO), then your chances of success are essentially zero.


[1] https://en.wikipedia.org/wiki/Torrent_file

 


   Have a nice day :)
Thomas





--
[3]Code, [4]code, [5]code, and [6]code

References:

[1] mailto:scdbac...@gmx.net
[2] http://thehackernews.com/2016/02/linux-mint-hack.html
[3] http://new.sarap.asia/
[4] http://jdk.schooluniform.asia/
[5] http://java.vpsnotes.com/
[6] http://johnmac.hephep.asia/

--
For more information, please reread.

Attachment: signature.asc
Description: PGP signature

Reply via email to