Secure Validated downloads
It puzzles me that while we have so much effort being put into making the reading of a site as secure and private as possible, there is zero effort being put into secure validated downloads of the files available from them. A certain Linux site makes a good case example. When the Mint sites were hacked recently, they noted that users of the torrent were protected because of multiple sources and validation with a hash. Note: Mint attracts more non-geeks than any other Linux, because it is complete and easy for Windows and Mac users to get used to. Mint does not control the download sources, so can never guarantee a safe OS from the majority of the mirrors. Currently the validated HTTP/FTP option is manual. Any user that got the bad ISO and actually bothered to use the available MD5 hash would have been protected. However, almost nobody ever bothers to run a second program and do a second task, so the posted hash will never protect enough people to be any use. Only autistic-level geeks are ever bothered, and they are best equipped to spot and deal with a bad OS. The people most at risk (normal users) will never in their lifetime run a hash validator program, and have no idea what "all those funny looking numbers and letters" are for.

I have seen several easy and reliable solutions appear since 1999, when I first started to question the limitations of "normal" HTTP/FTP downloads after using the "Net Vampire" download manager. Net Vampire let you add multiple sources for a file, PING them all, then select the fastest, and at any point pause and swap sources. This was very useful on a 56k modem, but I was always concerned that the only way to get the same file was to look for the same filesize (name does not matter, only content). I wanted a way to add multiple links in 1 click and (being 1999) a PGP key to use for validation (some Amiga programmers used PGP keys for validation against corruption and hacking for many years. The file was used as the seed for the key, or the "key for the key" even!).

Metalinks and Magnets are among the most flexible, reliable and secure alternatives I have found, but only Magnets get commonly used, and then only for 1 thing they weren't even invented for.... trackerless Torrents. Even the magnet link sites stupidly assume they only contain torrent info, and strip all the other valid data for all the other networks and sources. So browser-only users over the years have become desensitised to the little magnet icons, and they ignore a powerful download system that frees people from hosting and bandwidth charges, while guaranteeing a faster and automatically validated download.

Chatting in the IRC with QuHno, he reminded me that browsers themselves also need protection from interference or even "Man-In-The-Middle" attacks. This is a very valid point I feel, as there have been more successful "interferences" with web browsers (especially the mobile versions) than with OS distros. Browsers are your front-line contact with the web and will handle (and store) most of your secret info.

*** Think !! *** Even if you got your browser from an official source, how do you know an alternative was not injected into your request? Did you download it at home, at work, at school, in a cafe, airport or on a long distance trip on a train or bus? That message you didn't read and said yes to when you connected on that wifi was probably asking you if you mind them installing their own certificate. From that point on you allow whomever owns that certificate to decrypt your "secure" connection. Unless you find the certificate and delete it, it will continue to expose your details every time you walk past that hotspot. They can read all your incoming and outgoing data. They can extract or inject anything they want (usually to sell your data and inject adverts). It will mask a bad or revoked certificate with the local "good" one, so you have no idea if sites are compromised. This easily abused technique has been found in use by trusted companies such as Comodo and Lenovo, causing the online security world to freak out (quite rightly).

The flaw of not owning all mirrors can be negated once they are used at the same time. Unless hackers gain access to all sources, the file will always fail validation. Even if the hash in the link was tampered with, it would not match all the sources and again it will fail. Now the more mirrors you have, the more shielded you become instead of more vulnerable.

Magnet and Metalink creation can be automated, or even done for you by a service like Mirrorbrain. They both have different advantages, but can use the same URLs, p2p URIs and hashes. Magnets are just a text link and can be posted to sites you don't manage. Metalinks are text files you must upload to use as the link (like torrent stubs), but you don't download the stub, just the content. Both have long been supported with browser extensions, showing that multi-threaded, secure, validated downloads are possible in a normal browser.

This year there is another validated download option to inspire 4.5 geeks and the author, then be ignored for the next 10 years: "Trusted Linker Download Redirection". I encourage those of you that have your own site and provide downloads of any size to try it with the FF extension. There is also a bad file to test failures. https://www.bennish.net/tldr/

If you visit my post on the subject at the Mint forum, you will find all the resources, references, extensions and userscripts for adding validated downloads to your browser of choice. https://forums.linuxmint.com/viewtopic.php?f=29&t=218068 It is a detailed post, so I am not copying it here.

I wouldn't mind if people said "it won't work" or "it is not secure because..." but nobody ever seems to care about security unless someone important says you should, or after the event when it is too late. ...or maybe my ideas are so freaky and radical that only a special type of super advanced alien that lives on LSD could possibly understand.

I got told in 1999 that something like Metalinks and magnets was impossible, and I was dreaming of madness. How wrong they were. On my Amiga I was using encryption for my files, floppy disks and HD partitions in 1997. I swapped from GIF and TIFF to PNG in 1996 (the year it was born). In the year 2000 I expected the next 5 years to see encryption and transparent images become normal. Oh boy how wrong I was, and how slow the tech world is if it does not have to do something, or there is no money in sight. So here we are 15 years later, and it took 10 of those to get transparent PNGs to be used widely and correctly, and Photoshop is still always lagging behind the current PNG code (on the Amiga we have updates within hours of the code going public). I have little hope that we will see secure downloads within the next 5 years, but I still live in a fragment of hope that people finally see sense, even if it is after an easily avoided disaster.

Finally, if you want to gaze in awe at the potential power behind a metalink, here is one I prepared for linuxmint-17.3-cinnamon-64bit.iso

Attachment: MetalinkEditor.png (https://forum.vivaldi.net/uploads/attachments/7680/MetalinkEditor.png)
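As an added example (not from the post above, nor from Mint, Mirrorbrain or the TLDR project), here is a small Python downloader that does what the post describes for Metalinks: it reads the declared hash and the list of sources from a Metalink 4 document (the RFC 5854 layout), pulls the file from every listed source, and keeps only copies whose size and SHA-256 match what the link declared. It uses SHA-256 rather than the MD5 the Mint page posted, because that is the hash type a Metalink normally carries. The ISO contents, the three mirror URLs and the Metalink itself are constructed, and `fetch` stands in for an HTTP GET so the whole thing runs offline. The three scenarios at the bottom are the ones the post argues: every mirror honest, one mirror serving a tampered file, and the hash in the link itself tampered (in which case no source can match and the download is refused).

```python
import hashlib
import xml.etree.ElementTree as ET

ML_NS = {"ml": "urn:ietf:params:xml:ns:metalink"}  # Metalink 4 namespace (RFC 5854)

# Constructed stand-in for the ISO; the mirror URLs are invented (.example).
GOOD_CONTENT = b"pretend this is linuxmint-example.iso contents\n"
GOOD_SHA256 = hashlib.sha256(GOOD_CONTENT).hexdigest()
URLS = [f"https://mirror-{m}.example/linuxmint-example.iso" for m in "abc"]
URL_TAGS = "\n    ".join(f"<url>{u}</url>" for u in URLS)

# Constructed Metalink 4 document describing that file and its three sources.
METALINK_XML = f"""<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="linuxmint-example.iso">
    <size>{len(GOOD_CONTENT)}</size>
    <hash type="sha-256">{GOOD_SHA256}</hash>
    {URL_TAGS}
  </file>
</metalink>
"""

# Simulated mirror contents. The tampered copy keeps the same length as the
# real file, so only the hash check (not the size check) can catch it.
MIRRORS_OK = {u: GOOD_CONTENT for u in URLS}
TAMPERED_CONTENT = GOOD_CONTENT.replace(b"pretend", b"PRETEND")
MIRRORS_ONE_BAD = dict(MIRRORS_OK, **{URLS[1]: TAMPERED_CONTENT})


def fetch(mirrors, url):
    """Stand-in for an HTTP GET against one source (hypothetical, offline)."""
    return mirrors[url]


def parse_metalink(xml_text):
    """Pull name, size, hashes and source URLs out of a Metalink 4 <file> entry."""
    root = ET.fromstring(xml_text)
    f = root.find("ml:file", ML_NS)
    return {
        "name": f.get("name"),
        "size": int(f.findtext("ml:size", namespaces=ML_NS)),
        "hashes": {h.get("type"): h.text.strip() for h in f.findall("ml:hash", ML_NS)},
        "urls": [u.text.strip() for u in f.findall("ml:url", ML_NS)],
    }


def validated_download(meta, mirrors):
    """Fetch every listed source and check size and SHA-256 against the Metalink.
    Returns (first verified copy or None, {url: "ok"|"size-mismatch"|"hash-mismatch"})."""
    expected = meta["hashes"].get("sha-256")
    report, verified = {}, None
    for url in meta["urls"]:
        data = fetch(mirrors, url)
        if len(data) != meta["size"]:
            report[url] = "size-mismatch"
        elif hashlib.sha256(data).hexdigest() != expected:
            report[url] = "hash-mismatch"
        else:
            report[url] = "ok"
            verified = data if verified is None else verified
    return verified, report


def diagnose(report):
    """Summarise the per-source report: one bad mirror is an isolated tampering,
    every mirror failing means the declared hash itself cannot be trusted."""
    bad = [u for u, s in report.items() if s != "ok"]
    if not bad:
        return "all sources match the declared hash"
    if len(bad) == len(report):
        return "declared hash matches no source: link hash or every mirror is suspect"
    return f"{len(bad)} of {len(report)} sources failed validation: {', '.join(bad)}"


if __name__ == "__main__":
    meta = parse_metalink(METALINK_XML)
    for label, mirrors in (("all good", MIRRORS_OK), ("one tampered", MIRRORS_ONE_BAD)):
        data, rep = validated_download(meta, mirrors)
        print(f"{label}: {diagnose(rep)} | file accepted: {data is not None}")
    # Hash in the link replaced: no honest mirror can match it, so nothing is accepted.
    bad_meta = parse_metalink(METALINK_XML.replace(GOOD_SHA256, "0" * 64))
    data, rep = validated_download(bad_meta, MIRRORS_OK)
    print(f"link hash tampered: {diagnose(rep)} | file accepted: {data is not None}")
```

The design point is the one the post makes: the more sources the link carries, the more an attacker has to compromise at once, and a tampered hash in the link is self-defeating because it then matches nothing. A real client would stream each source through the hash incrementally instead of holding whole ISOs in memory, and would also verify the Metalink's own signature (Metalink 4 allows a `<signature>` element) before trusting the hash at all.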