
Thread: Checking sites for validity! Future security!

  1. #1
    Join Date
    Dec 2006
    Beans
    103

    Checking sites for validity! Future security!

    Hello everyone. My question comes from an IT perspective: How do I check if sites are actually the real deal and not some hacked computer pretending to be the site (such as phishing myspace does, it says www.myspace.com on top, but it's actually an invalid server trying to get your password)? Something like a key to check, like repositories do?


    Also, how do I check for the md5sum of a file if the site does not post it (like firefox? or quicktime?)

    Thank you!
    Ubuntu user since Dapper to Gutsy. Then Arch Linux and not one reinstall
    To Very First Time Beginners!

  2. #2
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: Checking sites for validity! Future security!

    Are you concerned about phishing e-mails where people send links to ip addresses or incorrect domain names? If this is the case, just don't go to ip addresses or domains you aren't familiar with, and definitely don't give them any sensitive data.

    Are you concerned about DNS spoofing where you go to the correct domain name, but it resolves to an IP address of a compromised system? There wouldn't be any way to detect if a site is being spoofed using an MD5 hash, because where would the hash come from, the web server which is already being spoofed? I don't think a site using an SSL certificate signed by a certificate authority can be spoofed, though.

    If you want the md5sum of a page's html content
    Code:
    wget -q -O - http://ubuntuforums.org/|md5sum
    Last edited by cdenley; April 30th, 2008 at 05:24 PM.

  3. #3
    Join Date
    Feb 2008
    Beans
    606
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Checking sites for validity! Future security!

    Quote Originally Posted by cdenley View Post
    I don't think a site using an SSL certificate signed by a certificate authority can be spoofed, though.
    Only so long as you check the URL and/or certificate.

    Most of the phishing emails I've received are truly lame, trying to get me to go to something like:

    https: //www.phishing.com/www.mybank.com/stealmylogin.html

    Which is obviously fake, but if they had an SSL cert for www. phishing.com, you'd see a padlock in the browser bar and might assume it was a valid connection unless you checked the URL or the certificate that was being used.

    One benefit of running NoScript in Firefox is that I have my bank sites whitelisted, so if I see a NoScript warning bar I know that I'm not at a valid site or the bank have changed some URL and I need to check it out.

    Obviously they could use a DNS hack so their site appears to be www. mybank.com, but they won't have a signed SSL certificate to prove it, so you'll get a warning message saying it's actually for www. phishing.com.
    Last edited by movieman; April 30th, 2008 at 11:49 PM. Reason: Those aren't real URLs (I hope) - why can't I tell it not to put links in?

  4. #4
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: Checking sites for validity! Future security!

    Quote Originally Posted by movieman
    Obviously they could use a DNS hack so their site appears to be www.mybank.com, but they won't have a signed SSL certificate to prove it, so you'll get a warning message saying it's actually for www.phishing.com.
    Either that or you will get a warning saying it is a self-signed certificate, I think. The same goes for man-in-the-middle attacks where the attacker injects their own SSL certificate in order to decrypt your data. That's why I think self-signed SSL certificates give people a false sense of security.

  5. #5
    Join Date
    Dec 2006
    Beans
    103

    Re: Checking sites for validity! Future security!

    Thank you for your replies. I am worried about whether sites are compromised and maybe firefox.exe is replaced with a different firefox.exe (it won't happen, but if it did...) with a virus (same site, getfirefox.com?)

    How do I check SSL certificates?

    And can I get wget to check the md5sum of a file on another server?
    Ubuntu user since Dapper to Gutsy. Then Arch Linux and not one reinstall
    To Very First Time Beginners!

  6. #6
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: Checking sites for validity! Future security!

    Quote Originally Posted by savagenator View Post
    Thank you for your replies. I am worried about whether sites are compromised and maybe firefox.exe is replaced with a different firefox.exe (it won't happen, but if it did...) with a virus (same site, getfirefox.com?)

    How do I check SSL certificates?

    And can I get wget to check the md5sum of a file on another server?
    If someone is able to replace your local firefox executable, then your system is already compromised, and DNS spoofing or phishing scams are the least of your worries.
    EDIT: I misunderstood the firefox example. See twisted_steel's post.

    Firefox, or any respectable browser, should always check the SSL certificate if the site uses SSL (URL has https:// prefix). If you don't get any warning on an encrypted page, it's not being spoofed. If you get a warning, the data will be encrypted, but you don't know if the server is being spoofed.

    You can download the file then check the md5 sum using the command I posted before. There is nothing in the HTTP protocol to retrieve md5 checksums generated by the server. It is possible to create a web script to generate checksums of files on the server for users, but this doesn't protect you from spoofed servers since the spoofed server would generate an md5 sum that matches the spoofed file.
    Last edited by cdenley; May 1st, 2008 at 01:37 PM.
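
    The two certificate checks discussed in posts #3 to #6 (does the certificate name the host you meant to visit, and does a CA vouch for it) can be reproduced by hand with the openssl CLI. This is an added example, not part of the thread; the host names and the throwaway certificate are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: the checks behind a browser's certificate warning, done by
# hand with the openssl CLI. All host names are constructed placeholders.

# cert_matches_host CERT.pem HOSTNAME -> 0 if the certificate is valid for HOSTNAME
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# cert_is_self_issued CERT.pem -> 0 if subject == issuer (no CA vouches for it)
cert_is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# check_cert CERT.pem HOSTNAME: print which warning, if any, applies
check_cert() {
    if ! cert_matches_host "$1" "$2"; then echo "name-mismatch"
    elif cert_is_self_issued "$1"; then echo "self-signed"
    else echo "name-ok"; fi
}

# make_sample_cert HOSTNAME OUT.pem KEY.pem: throwaway self-signed cert (sample input)
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -addext "subjectAltName=DNS:$1" -keyout "$3" -out "$2" 2>/dev/null
}

demo_check_cert() {
    tmp=$(mktemp -d)
    make_sample_cert www.phishing.example "$tmp/cert.pem" "$tmp/key.pem"
    # Certificate issued for the phishing host, presented under the bank's name
    echo "as www.mybank.example:   $(check_cert "$tmp/cert.pem" www.mybank.example)"
    # Name is right, but nobody except the site itself signed it
    echo "as www.phishing.example: $(check_cert "$tmp/cert.pem" www.phishing.example)"
    rm -rf "$tmp"
}
demo_check_cert
```

    For a live site, the certificate it presents can be saved with `openssl s_client -connect host:443 -servername host </dev/null | openssl x509 -out cert.pem` and passed to `check_cert`.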

  7. #7
    Join Date
    Oct 2004
    Location
    USA
    Beans
    330
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Checking sites for validity! Future security!

    In regards to getting the md5sum of a file, your best bet is to run md5sum on the file and compare it to what you see on the website. The problem is that not all sites have this md5sum for the files, so there is really nothing to compare it to. I wouldn't necessarily look on other sites for the md5sum because there is no guarantee that it is correct. I think it is better, if possible, to get it from the original site, assuming the file and the corresponding md5sum were not modified on the server by an attacker. Some projects offer signed packages with GPG to show that they were uploaded by the correct person.

    I did finally find the md5sums for Firefox, which didn't seem readily mentioned on their site. Find the release you are looking for on http://releases.mozilla.org/pub/mozi...efox/releases/ and then select the version. For example, for 2.0.0.14, the directory is
    http://releases.mozilla.org/pub/mozi...ases/2.0.0.14/. There is an MD5SUMS file in there, along with a SHA1SUMS file and a GPG key. Note that it says in the file to verify the GPG key somewhere else, as the file could have been modified.

    Once you have the file and md5sum to compare it to, simply open up a terminal and type
    Code:
    md5sum file.tar.gz
    where file.tar.gz is the file you just downloaded. Check the output against the md5sum listed in the file. There is also a sha1sum command for verifying the SHA1 hash.
    XBL Status: Xbox Live friend notifications for Linux
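
    The manual comparison described in post #7 can be scripted against an MD5SUMS or SHA1SUMS file. This is an added example, not part of the thread; the function name, return codes and sample files are constructed, and the result is only as trustworthy as the channel the manifest came from.

```shell
#!/usr/bin/env bash
# Added example: verify a download against one entry of a SHA1SUMS/MD5SUMS
# manifest. Assumed format: "<hex digest>  <file name>" per line (coreutils).

# verify_download MANIFEST FILE [TOOL]
# Returns 0 = digest matches, 1 = digest differs, 2 = file not listed.
verify_download() {
    manifest=$1 file=$2 tool=${3:-sha1sum}
    name=$(basename "$file")
    # Exact match on the file-name column; a leading "*" marks binary mode.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$manifest")
    # A missing entry is not a pass: report it separately from a mismatch.
    [ -n "$expected" ] || return 2
    actual=$("$tool" "$file" | awk '{ print $1 }')
    # Manifests sometimes carry upper-case hex; the tools print lower-case.
    [ "$(printf %s "$expected" | tr 'A-F' 'a-f')" = "$actual" ]
}

demo_verify_download() {
    dir=$(mktemp -d)
    # Constructed sample: a stand-in download and the manifest published for it.
    printf 'pretend this is the real installer\n' > "$dir/file.tar.gz"
    (cd "$dir" && sha1sum file.tar.gz > SHA1SUMS)
    rc=0; verify_download "$dir/SHA1SUMS" "$dir/file.tar.gz" || rc=$?
    echo "untouched file: $rc"
    printf 'extra bytes\n' >> "$dir/file.tar.gz"      # simulate a modified file
    rc=0; verify_download "$dir/SHA1SUMS" "$dir/file.tar.gz" || rc=$?
    echo "modified file:  $rc"
    rm -rf "$dir"
}
demo_verify_download
```

    Pass `md5sum` as the third argument to check against an MD5SUMS file instead.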
