I don't know much about computers and I really hope I'm just being paranoid and ignorant, but I am concerned that my copy of Tails may actually be a maliciously altered program. Here's why:
Recently I decided to see what would happen if I opened the Tails signing key in gedit, changed a few characters (I didn't document exactly what I changed but it was about 5 or 10 characters not very close to the beginning or end), saved it, and then tried to use it to verify the signature of the Tails ISO file I most recently used. Persistence was enabled and not read-only. I deleted all the keys that were stored before importing the modified key. VerifySignature said the signature was good. This seemed like a red flag to me, since I'd expected that the changes I'd made would make the key unable to correctly decrypt the signature. Is this suspicious? Or is it to be expected that the signing key would still work after I changed a few characters in gedit?
That's the main important part (in case this is getting too long), but after that, the events that followed also seemed unusual. I turned off my computer, removed the Tails USB drive, and booted Windows 7. The screen that showed up was one I'd never seen before. It said that my computer might be damaged, or something like that, and gave me the option to try to boot normally or boot in Startup Repair mode. I chose Startup Repair. It asked if I wanted to try to restore a previous version of the system where some recently-installed programs might be absent, and I chose No. It then spent ten or fifteen minutes looking for and/or trying to fix problems, and finally told me it couldn't fix anything. I clicked "Finish" and my computer turned off. I turned it back on again and Windows started up normally, and nothing seems to be wrong with it now. I have alternately booted Tails and Windows on this computer several times in the past, and nothing like this ever happened before. If what I've described isn't suspicious at all, then this paragraph can be ignored.
But I got to thinking: If an attacker wanted to trick me into installing a malicious program in place of Tails by giving me a bad ISO through a MitM attack, normally it wouldn't work because the ISO would fail to be authenticated. But they could get around this if they could make it so that my system would falsely "authenticate" bad ISOs. It occurred to me that I never authenticated my "first" Tails ISO, which I downloaded several days ago, burned to DVD-R, and then used that DVD-R to install Tails on a fresh USB drive. On that USB drive, I subsequently upgraded to 0.22, and then today I downgraded to 0.21 in order to enable the more secure persistence settings. I authenticated both the 0.22 and 0.21 ISOs (in Tails) before installing them, but if my first ISO was a maliciously altered version of Tails, then those authentications could have been fake. It also may be worth noting that I was not using Tor when I downloaded any of the ISOs. Again, I don't know much about computers, so hopefully my fears are unfounded.
Thanks for reading,
John
_______________________________________________
Tails-support mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-support
