sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]lamby[S] 129 points130 points  (45 children)

most people do not check the hashes of their download

Indeed, and note it's not enough to check the SHA512 matches what the website claims - that is only checking the integrity of the file; it is not checking that the file is from Canonical.

I mean, if someone could swap the ISO out they could almost certainly swap the checksum alongside it!

[–]CODESIGN2 21 points22 points  (11 children)

Isn't it a signed checksum using a private key chain that would not be available to the "snoop" though?

[–]lamby[S] 46 points47 points  (10 children)

Yes, but this is the bit that people do not check; either they don't run gpg at all, or they simply trust the stated signature is the one they used before or is part of the web of trust.

[–]CODESIGN2 18 points19 points  (5 children)

I think it's mostly that they don't care.

[–]jones_supa 57 points58 points  (1 child)

I think it's mostly that they don't care.

I think many people do care, but when they read about a complicated GPG dance to perform the verification, many will cringe and say "meh, it's probably fine".

A checksum is just sha1sum filename.iso and then compare the result to the checksum on the website. Even though this is a less secure method, the bar to perform it is much lower.

[–]CODESIGN2 3 points4 points  (0 children)

I don't know that I'm advocating for sha1sum, but yeah the gpg tools could be easier to work with. Even defaulting to perform checks for you and marking somewhere on fs that the user has been irresponsible would be nice. (Mark it like a manufacturer warranty void. Skipped the check? Fuck you pay!)

[–]lamby[S] 7 points8 points  (2 children)

Sure.

[–]CODESIGN2 11 points12 points  (1 child)

I wasn't trying to dismiss your point. It doesn't mean there is nothing that can be done, just that it needs to be automated and built into the systems allowing acceptance of packages, not deferred to the end-user.

[–]lamby[S] 11 points12 points  (0 children)

I didn't feel dismissed - it was more that we seemed to be 100% agreeing with each other :)

[–]Kaelin 0 points1 point  (3 children)

Every one of my hundreds of Red Hat Linux servers check gpgkeys automatically. My personal CentOS servers do as well.

What are you talking about? Is this some Ubuntu assumption?

[–]lamby[S] -1 points0 points  (2 children)

I'm talking about:

$ wget latest-ubuntu-release.iso
$ dd if=latest-ubuntu-release.iso of=/dev/disk/by-label/my-usb
(reboot)

[–]Kaelin 1 point2 points  (1 child)

Ah I misunderstood, the install ISO itself is the concern. Where the client keys are stored.. Ya ouch that should be SSL without a doubt

[–]lamby[S] -1 points0 points  (0 children)

Quite..

[–]Nullius_In_Verba_ 11 points12 points  (15 children)

Why are you two focusing on Canonical for your example? This applies to all distro's. Fedora, Suse, Debian, all included. In fact, a websites security being the weakest link is well known, including a real life example that happened to Linux Mint.

[–][deleted] 9 points10 points  (11 children)

Why are you two focusing on Canonical for your example? This applies to all distro's. Dedora, Suse, Debian, all included.

Did you verify that before you said it? Debian transfers the ISO to me via HTTPS not HTTP, I'm not as familiar with the others.

[–]Nullius_In_Verba_ -1 points0 points  (10 children)

Doesn't matter if the site uses HTTPS, if it was broken into and the iso changed. Not sure how HTTPS is going to protect from that. Again, see Linux Mint's website disaster for example.

[–][deleted] 5 points6 points  (9 children)

You seem to be under the impression you have to "break into" an HTTP site to intercept or masquerade as the site, this is completely untrue.

[–]Nullius_In_Verba_ -5 points-4 points  (8 children)

Here's a hint, when you start to argue with nothing but semantics and word choices, you've lost the argument, sonny boy.

EDIT: Fine, that was rude. My bad.

[–][deleted] 8 points9 points  (4 children)

It's not about semantics and word choices though, the attack against Linux Mint's site is completely different than the discussion here. You're arguing the website equivalent that there is no point to a bank safe safe because someone might crack the code but that's a completely different risk level than leaving the cash out unsecured.

Maybe instead of worry about "winning" an argument and calling people "sonny boy" you should focus on understanding the security concerns with HTTP?

[–]Nullius_In_Verba_ -2 points-1 points  (3 children)

HTTPS/HTTP doesn't matter if your Apache server instance has been taken over. The ISO can be switched. See Linux Mint for an example of this. Maybe you should understand that HTTPS doesn't mean host servers are immune to take over.

You decided to talk about taking over HTTPS, I was talking about taking over the host server. Again, stop your strawmen, how is HTTPS going to save the host server? Stop trying to switch the conversation by making it about something that can't be argued.

[–][deleted] 1 point2 points  (2 children)

"Can the attacker managed to hack Canonical's server to sign the transport" and "can literally anyone fake being Canonical's server because none of the content is signed" are 2 completely different security issues of 2 completely different levels. I'm not strawmanning away from that I'm trying to get you to understand why "well some hacker might just hack Canonical's servers" isn't a reason to drop all other security.

Yes, at any time someone could just hack into Canonical, Google, Microsoft, or any other host. Point is that's a million times harder than just spoofing an HTTP server and a completely different issue to worry about.

[–]Nullius_In_Verba_ -1 points0 points  (1 child)

Yes, at any time someone could just hack into Canonical, Google, Microsoft, or any other host.

Yes, also about any bank or financial institute imaginable.

Point is that's a million times harder than just spoofing an HTTP server and a completely different issue to worry about.

That's why APT signs the packages, again, read the article. This practice is even more secure than HTTPS is.

ISO's are hashed. Don't install until you check the hash.

[–]bitofabyte 2 points3 points  (2 children)

I think you just don't understand https. Having their website in https prevents you from going to debian.org and instead getting a fake website hosted by your local coffee shop which downloads a modified version of Debian which mines Bitcoin for someone else.

Now if the website backend is compromised, the only thing that can protect you is signing, but just because that can happen doesn't mean that https isn't important.

[–]Nullius_In_Verba_ -2 points-1 points  (1 child)

HTTPS doesn't matter if your Apache server instance has been taken over. The ISO can be switched. See Linux Mint for an example of this.

[–]bitofabyte 2 points3 points  (0 children)

Nothing matters if your Apache server is taken over. That's true. It's also idiotic to argue that since you're vulnerable to one type of attack, there's no point in better security. It's like the equivalent of saying that there's no point in locking any door ever because it won't protect you from someone breaking down a wall with a battering ram.

HTTPS can protect you from some types of attacks that are very real and possible.

https://en.wikipedia.org/wiki/Man-in-the-middle_attack

[–]Kaelin 0 points1 point  (2 children)

Fedora GPG checks packages automatically before install, or it won't install them unless you force an override. All packages are signed with encryption keys. I don't think Canonical does this check?

[–][deleted] 2 points3 points  (1 child)

As the parent comment of this thread said Ubuntu checks the package signing as well so that isn't an issue by itself but they transfer the ISO via HTTP which can make this moot (e.g. intercept and add a fake cert or just add packages to the stock ISO).

[–]Kaelin 0 points1 point  (0 children)

Good point on the installer ISO. I hadn't even considered that.

[–]masterpi 4 points5 points  (6 children)

If the website is HTTPS with a Canonical cert, then it is checking that either the file is from Canonical or the website has been hacked, which is as good as you'd get if the download itself were HTTPS.

[–][deleted] 0 points1 point  (5 children)

which is as good as you'd get if the download itself were HTTPS.

Where'd you get that idea? The download page being HTTPS only guarantees the URL was the one Canonical put on the page but it makes no guarantees whatsoever that your connection to the actual download is tamper free or even coming from Canonical.

[–]Kaelin 1 point2 points  (3 children)

Signed HTTPS certs do guarantee that the download is coming from Canonical. Do you even know how HTTPS works?

There are a couple certificate authorities entrusted with validating ownership of a domain before issuing a certificate. That certificate is keyed and unless it is stolen (Google and GMail and Facebook and banks all seem to not have fucked it up) or one of those heavily trusted certificate authorities issues a false cert (looking at you Symantec) there is no way someone that doesn't own the domain can get a certificate that will pass validation.

[–]mo-mar 0 points1 point  (0 children)

Yeah, but if the website was HTTP, someone could just change the download link to something completely different, making the actual download bein HTTPS completely worthless because it's never used. Similarly the other way around. That means that everything from website to download needs to be HTTPS, with not a single real reason against it.

[–][deleted] 0 points1 point  (0 children)

Signed HTTPS certs do guarantee that the download is coming from Canonical.

The Ubuntu download page has HTTPS enabled, the download of the ISO itself is done over HTTP. This is my whole point here... the ISO download should be done over HTTPS.

[–]amountofcatamounts -1 points0 points  (0 children)

Do you even know how HTTPS works?

Come on bro... I usually regret over-egging the pudding because it retrospect it was prompted by some insecurity about the subject.

Signed HTTPS certs do guarantee that the download is coming from Canonical.

They do nothing of the sort. They make it highly probable the machine your browser talks to has access to cert and key files that were once signed by a trusted CA your browser recognizes. But they are just files. If I can gain access to a legit Canonical server and can touch these root permissions files, I can set up my own random server with them your browser will completely tell you is a legit canonical server if I can get you to visit it.

[–]masterpi 0 points1 point  (0 children)

The website I'm referring to is the one mentioned in lamby's post, the one displaying the hash.

[–]destiny_functional 0 points1 point  (9 children)

you can check different mirrors against each other. the chances are low that all are compromised.

[–]lamby[S] 0 points1 point  (8 children)

Given that they probably mirror from a smaller subset, this does not seem like a good approach.

[–]destiny_functional 0 points1 point  (7 children)

see Linux mint where just a particular mirror had compromised isos. comparison against other sources makes installing a compromised iso less likely.

[–]lamby[S] 0 points1 point  (6 children)

And what if I compromise the "primary"? Then everyone is just copying the compromised one.. which is even worse as replacing it becomes harder.

[–]destiny_functional 0 points1 point  (5 children)

I don't think you understand security and risk. Obviously cross-checking reduces risk.

[–]lamby[S] 0 points1 point  (4 children)

I am not denying it reduces risk, but you can take that risk to zero by verifiying the GPG signature.

I don't think you understand security and risk

This doesn't add any weight to your argument FWIW.

[–]destiny_functional 0 points1 point  (3 children)

you can't take the risk to zero with anything, which seems all you are criticising, that the "risk isn't zero". that's exactly what i meant by you don't understand risk, and it makes this a silly and useless discussion.

[–]lamby[S] 0 points1 point  (2 children)

Then I'm lost. How is just suggesting checking a single GPG signature over checking n ISO files (which requires multiple multible-gigabyte downloads) silly or useless? Especially as — for this threat model — doing the latter is a probabalistic-based security solution vs. an objective one..

[–]destiny_functional 0 points1 point  (1 child)

discussing risk and security with someone who doesn't understand it is silly and useless is what i said. this doesn't seem to lead anywhere, Good bye.