Re: Possibility to cheat integrity checking?

From: Dario N. Ciccarone (dciccaro@cisco.com)
Date: 03/13/02


Date: Wed, 13 Mar 2002 15:35:28 -0300
To: Holger Reichert <holger.reichert@holysword.de>, focus-ids@securityfocus.com
From: "Dario N. Ciccarone" <dciccaro@cisco.com>

cheating when? against what?

I guess the easier way would be to do whatever modification you want on the file, but previous to that, save the original file somewhere, date last updated and file length. after, install a LKM that, when the aforementioned file is accessed, it would return the original date & length. and when some program tries to read the file (not execd()), return the content of the original file.

At 10:31 3/13/2002 +0100, Holger Reichert wrote:
>Hello List,
>
>I've a question regarding the possibilities of cheating the following
>combination of file integrity checking.
>
>* MD5 checksum
>* Date last updated
>* File length
>
>How easy is it?
>Are there tools to manipulate a file and get the original MD5 checksum?
>Is it then possible to forge the above mentioned file attributes?
>Or is this a combination which cannot be cheated?
>I myself think that the above method isn't secure enough, but I need
>the facts.
>Informative links would also be nice to have ;-)
>
>Thank you in advance
>
>Holger Reichert

=================================================================================================
Cisco SAFE - A Security Blueprint for Enterprise Networks
SAFE for Enterprise, SMB, IPSec VPNs, Wireless and IP Telephony
www.cisco.com/go/safe
=================================================================================================
Disclaimer:
These are my own personal opinions and not necessarily those of Cisco Systems.

Sed quis custodiet ipsos custodes?

Dario N. Ciccarone

Cisco Systems
Argentina, Paraguay, Uruguay y Bolivia
Ing. Enrique Butty 240 Piso 17
C1001ABF, Buenos Aires , Argentina
Phone/Vmail: 54-11-4341-0203
Fax: 54-11-4341-0149
dciccaro@cisco.com
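
Added example (not part of the original message or of any tool named in it): the reply describes a kernel module that answers reads and stat calls with the saved original, so a checker running on the live host sees matching checksum, date and length. One defensive response is a cross-view comparison: take the same manifest once on the running system and once from a trusted boot of the same disk, then diff the two. SHA-256 is used here in place of MD5, and the function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each relative path under root to (sha256 hex, size, mtime in whole seconds)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            out[rel] = (digest.hexdigest(), st.st_size, int(st.st_mtime))
    return out


def cross_view_diff(live, trusted):
    """Compare the manifest taken on the running host with the trusted-boot one."""
    findings = []
    for path in sorted(set(live) | set(trusted)):
        if path not in live:
            findings.append((path, "hidden from live view"))
        elif path not in trusted:
            findings.append((path, "only in live view"))
        elif live[path][0] != trusted[path][0]:
            # Matching size and mtime with different content is the case the reply describes.
            same_meta = live[path][1:] == trusted[path][1:]
            findings.append((path, "content differs, size and mtime match" if same_meta else "content differs"))
        elif live[path][1:] != trusted[path][1:]:
            findings.append((path, "metadata differs"))
    return findings


def demo():
    """Constructed sample: two temp dirs stand in for the live and trusted-boot views."""
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as trusted:
        for root, body in ((live, b"original binary"), (trusted, b"modified binary")):
            path = os.path.join(root, "login")
            with open(path, "wb") as fh:
                fh.write(body)
            os.utime(path, (1016000000, 1016000000))  # identical mtime in both views
        return cross_view_diff(manifest(live), manifest(trusted))
```

The comparison only means something if the trusted manifest is produced under a kernel and toolchain the suspect system could not have touched, for example read-only boot media.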

