Bugtraq mailing list archives
Re: Infecting the KaZaA network? (unlikely)
From: Adam Lydick <awlydick () bulldog unca edu>
Date: 06 Feb 2002 20:12:18 -0500
The simple solution to that, and what they probably do, is provide the MD5 sum of the latest binary from a central location. This is considerably less costly to distribute than the entire binary, and unless someone comes up with a trojan'ed version with the same hash (rather unlikely) it is perfectly safe to download it from anywhere.

Another solution that they might employ is a digital signature. The first version that you download comes from a trusted source and contains KaZaA's public key. They could then sign any binaries that they release with their private key. When you download the updates from an untrusted source, it is simply a matter of verifying the signature is from KaZaA.

It seems rather unlikely that you could infect the network in this way, or it would have already happened through normal vectors (people with virii on their machines). But you could probably verify this behavior by modifying a few bits in an upgrade and seeing if it will still work... Depending on where they place the authentication code, if any.

Many projects face a similar problem with their mirror sites, and many of them provide md5 sums for their files so that you can verify it is uncorrupted/altered.

Adam Lydick

On Wed, 2002-02-06 at 15:10, Andrew McClymont wrote:
I just found a folder named "My shared folder" under the KaZaA installation folder. Inside "My shared folder" there were various KaZaA installshield packages (exe files).

Now, the people at FastTrack promote their engine as a distributed way to send files to end users. This is seen when you download KaZaA: you get a little exe (500 k) that downloads the full KaZaA client from one of its users, I would guess, from the "My shared folder".

What happens if I infect the files under "My shared folder" with a virus or some trojan, every user that gets their KaZaA client from my computer gets screwed, right? And then, the victim himself will be sharing the KaZaA client infected to new victims.

Just wondering...

Have a nice day!!

-Andrew McClymont
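The digest check described in the reply above, as an added example that is not part of the original thread and is not KaZaA's or FastTrack's code: a client holds a digest published from a central location, tries copies from untrusted peers, and installs only a copy whose digest matches. The peer names, sample payload and function names are constructed for illustration, and SHA-256 is used in place of the MD5 named in the post.

```python
import hashlib
import io

def digest_of(stream, algorithm="sha256", chunk_size=65536):
    """Hash a file-like object in chunks so large installers need not fit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def first_verified_copy(trusted_digest, peer_copies, algorithm="sha256"):
    """Return (peer, data, rejected_peers) for the first copy matching the trusted digest.

    peer_copies is an iterable of (peer_name, bytes) from untrusted sources.
    If no copy matches, peer and data are None and nothing should be installed.
    """
    expected = trusted_digest.strip().lower()
    rejected = []
    for peer, data in peer_copies:
        if digest_of(io.BytesIO(data), algorithm) == expected:
            return peer, data, rejected
        rejected.append(peer)  # altered or corrupted copy: never executed
    return None, None, rejected

def flip_bit(data, bit_index):
    """Return a copy of data with one bit flipped (the 'modify a few bits' test)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

# Constructed sample data: stands in for the real installer and the digest
# that the vendor would publish from its own (trusted) site.
RELEASE = b"MZ" + b"constructed installer payload " * 64
TRUSTED_DIGEST = hashlib.sha256(RELEASE).hexdigest()

if __name__ == "__main__":
    copies = [
        ("peer-a", flip_bit(RELEASE, 100)),  # one bit altered in a shared folder
        ("peer-b", RELEASE),                 # unmodified copy
    ]
    peer, data, rejected = first_verified_copy(TRUSTED_DIGEST, copies)
    print("accepted from:", peer, "rejected:", rejected)
```

The check is only as trustworthy as the channel that delivers the digest, which is why the reply places it at a central location rather than with the peers.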