Sascha Lefèvre wrote: it wouldn't if there was someone who "engineers" a new, infected zip file to match the hashcode of the original.
I thought of that, but I didn't think it was feasible if the HASH algorithm wasn't cracked.
I didn't believe that was possible. Is it programmatically easy?
I'm confused by this. Are you saying that if I obtain the hash for a Windows DLL for example, then someone could create their malicious DLL and sprinkle bytes into it to match the hash of the original DLL, thus taking over my Windows DLL?
No one is safe.
|
A cracked hash algorithm would mean that the solution-space of possible input data can be narrowed down from the hash.
But you don't need that here. Someone could infect some file in the zip archive with malware and then modify "unimportant" parts of the archive so that it yields a hash collision with the original archive. Wouldn't be trivial but possible (in case of small archives potentially impossible).
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
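Added example, not part of any post in this thread: a measurement of how many padding attempts it takes to make altered content match only the first n bits of the original's SHA-256 digest, next to the full-digest check a downloader should run. The byte strings, function names and the 8/12/16-bit truncations are constructed for illustration; the expected cost is about 2^n tries, which is why the toy sizes finish quickly while the full 256-bit comparison still rejects the result.

```python
import hashlib
import hmac

def digest_prefix(data: bytes, bits: int) -> int:
    """Return the first `bits` bits of SHA-256(data) as an integer."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def tries_to_match(original: bytes, altered: bytes, bits: int, limit: int = 1 << 22):
    """Append an 8-byte counter to `altered` until its truncated digest equals
    the original's. Returns (tries, candidate), or (limit, None) if not found."""
    target = digest_prefix(original, bits)
    for n in range(limit):
        candidate = altered + n.to_bytes(8, "big")
        if digest_prefix(candidate, bits) == target:
            return n + 1, candidate
    return limit, None

def verify_download(data: bytes, published_hex: str) -> bool:
    """Recipient-side check: compare the complete SHA-256 digest."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, published_hex.lower())

# Constructed sample inputs standing in for an archive and a changed copy.
ORIGINAL = b"constructed sample: contents of the original archive"
ALTERED = b"constructed sample: contents of a modified archive"
PUBLISHED = hashlib.sha256(ORIGINAL).hexdigest()

if __name__ == "__main__":
    for bits in (8, 12, 16):
        tries, candidate = tries_to_match(ORIGINAL, ALTERED, bits)
        print(f"{bits:2d}-bit prefix matched after {tries} tries; "
              f"full digest accepted: {verify_download(candidate, PUBLISHED)}")
    print("original accepted:", verify_download(ORIGINAL, PUBLISHED))
```

Each extra bit compared doubles the expected number of tries, so the check is only as strong as the number of digest bits actually compared and the hash function behind them.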
|
Yeah it's pretty trivial. It's not a matter of cracking the algorithm.
|
And how are you going to find out if the files you're zipping up in your installation are infected before you post it for everyone to download and install on their machines??
|
You don't; if you download your OS, you get a checksum. Verify it, and compile and build the OS. Next download the sources for the tools you need.
Bastard Programmer from Hell
If you can't read my code, try converting it here
|
Ah, the singularity.
This would be agreeable, to say that the original builder of the code:
1. builds the target
2. scans the target for malicious bytes
3. verifies there are no such malicious bytes in his target
4. generates the hash and publishes it along with his target.
No more virus scanning needed. If it matches the hash it must be the same file.
But, alas, they are saying this can be hacked. Hmmm...who'da thunk it?
|
newton.saber wrote: 2. scans the target for malicious bytes
With what?
A compiler/linker will output an .EXE which a virus can immediately infect so how are you going to know what the "malicious bytes" are? How are you going to compare what the compiler/linker intended to write to disk with what was actually written? There is a window of time between when the file is written to disk and when the hash algorithm is run against it that a virus can infect the file. This is the piece you are forgetting about.
newton.saber wrote: No more virus scanning needed.
Bull. Granted virus scanners are not a perfect solution. The entire industry is stuck on the side of being reactionary to a new virus because there is currently no technology that exists that can guarantee a file being written to disk is what was intended to be written by some non-virus application operation.
|
Dave Kreskowiak wrote: so how are you going to know what the "malicious bytes"
Uh, isn't that what the virus scanners do? They have signatures of malicious bytes and they scan the bytes in the target to determine if there are bytes that match?
Isn't that why virus scanning is so slow?
It sounds as if there is no way to ever determine whether or not the code a dev builds is virus-free.
|
newton.saber wrote: Uh, isn't that what the virus scanners do?
And you said they were stupid. Maybe, but it's the only solution we have.
newton.saber wrote: It sounds as if there is no way to ever determine whether or not the code a dev builds is virus-free.
No, there isn't, and this is where "managing risk" comes into play.
|
Message Closed
modified 15-May-15 7:18am.
|
And you think that posting your problem in the Lounge will help? You're in the wrong place, Bubba!
|
Why not phone and ask them?
My plan is to live forever ... so far so good
|
Given the fact that s/he joined today and is using the "new spammer" avatar, I guess this was just a test message before a weekend of spamming.
|
Wow that is incredibly sad news.
These men displayed that they have no character and no sense of morality.
"Age wrinkles the body. Quitting wrinkles the soul."
-Douglas MacArthur
|
Sadly that's one of the very few cases reported. At one point murder was classified as "died from natural causes" to try and get our violent crime stats down. Even so, our country is taking a high speed train away from morality.
... and in our next topic we should start discussing covering statues in feces when we don't agree with some part of distant history (search Rhodes statue on News24) ...
My plan is to live forever ... so far so good
|
Quote: covering statues in feces when we don't agree with some part of distant history
According to your President, you should blame Van Riebeeck who landed in the Cape in 1652!
I was born in SA and lived there for the first 50 years of my life. It saddens me to see how the infrastructure and respect for law and order is collapsing!
|
I still don't want to live anywhere else, but things are getting worse. Soweto marched today to show government that they don't want to pay for electricity (Mandela apparently promised that 20 years ago). I also saw that now that we are getting used to Load Shedding they are starting to think about Food Shedding (agricultural land reform) and Water Shedding (overuse of resources and pollution). In this rainbow nation there is no treasure at the end of the rainbow.
Cornelius Henning wrote: According to your President
According to our president corruption is a western concept, hence we don't have any problems with billions of rands going into elected officials' pockets every year.
My plan is to live forever ... so far so good
|
Quote: According to our president corruption is a western concept
I don't quite know how to respond to this! I always thought corruption is corruption in any culture. It shows you how little I know!
|
In African tribalism the chief deserves the biggest, best and most of everything.
This leads to almost every person in power (in government or governmental departments) feeling entitled to taking anything they can get their hands on, as long as they have more than the people under them. This includes multi-million rand monthly KFC bills (no jokes).
My plan is to live forever ... so far so good
|
Cornelius Henning wrote: I am not religious
I don't see how that's relevant...
I also don't care if she was a nun, an engineer, a police woman or any profession you can come up with and if she was 18, 86 or anything in between.
Raping and killing is despicable, no matter who the victim is.
Although these two savages may be swept off the face of the earth for all I care.
|
Quote: I don't see how that's relevant...
I wanted to make it clear that I did not post the item just because I am a Catholic, that's all!
|
About 6 years ago, two men broke into a house in the city where I live, raped and murdered a woman in her mid 50s that was severely mentally handicapped. Winners...
|
There is not a Hell hot enough for this kind of monster!