An interesting article with some possible serious outcomes as well. The moral of the story is never trust something from an unknown source.
by Dennis Fisher October 24, 2014, 12:07 pm
"A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services.
Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack. Downloading any kind of file from the Internet is a dodgy proposition these days, and many users know that if they’re downloading files from some random torrent site in Syria or The Marshall Islands, they are rolling the dice. Malware runs rampant on these kinds of sites."
By Pierluigi Paganini on October 27th, 2014
EXCERPT:
Legitimate software vendors usually sign their binaries; any modification to the code will cause verification errors. This is the scenario observed by the researcher during his tests: an attacker running a MITM attack while the user is downloading a file can actively patch binaries with his own code.
“I tested BDFProxy against a number of binaries and update processes, including Microsoft Windows Automatic updates. The good news is that if an entity is actively patching Windows PE files for Windows Update, the update verification process detects it, and you will receive error code 0x80200053.” states Pitts.
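A defender-side check for the scenario in the excerpts above, as an added example that is not part of the original post or the quoted articles: it reads the Authenticode status of each downloaded Windows binary and rejects anything that is unsigned, modified after signing, or signed by an unexpected publisher. The function name `Test-DownloadedBinary`, the `$ExpectedPublisher` parameter, the Downloads folder and the publisher string are assumptions chosen for illustration.

```powershell
# Added example: classify downloaded Windows binaries by Authenticode status.
# $ExpectedPublisher is an assumed, caller-supplied string taken from the
# vendor's signing certificate subject; it is not a value from the article.
function Test-DownloadedBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path,

        [Parameter(Mandatory)]
        [string]$ExpectedPublisher
    )
    process {
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        $verdict = switch ([string]$sig.Status) {
            # File bytes no longer match the signed hash: the case a
            # binary patched in transit produces when the signature is kept.
            'HashMismatch' { 'REJECT: contents changed after signing' }
            # Nothing to verify against, so in-transit patching is undetectable.
            'NotSigned'    { 'REJECT: no signature present' }
            'Valid' {
                # Substring match on the subject is a simple check; pinning the
                # certificate thumbprint is stricter where the vendor publishes it.
                if ($subject.IndexOf($ExpectedPublisher, [StringComparison]::OrdinalIgnoreCase) -ge 0) { 'OK' }
                else { 'REJECT: valid signature, unexpected publisher' }
            }
            default        { "REJECT: $($sig.Status)" }
        }

        [pscustomobject]@{
            File    = $Path
            Status  = $sig.Status
            Signer  = $subject
            Verdict = $verdict
        }
    }
}

# Usage (folder and publisher string are placeholders, not real values):
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Recurse -File |
    Where-Object Extension -in '.exe', '.msi', '.dll' |
    Test-DownloadedBinary -ExpectedPublisher 'Example Vendor, Inc.'
```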
I never trusted Tor in the beginning and don't now; sending data via these nodes, you can't trust them.