Vulnerability Development mailing list archives
RE: Infecting the KaZaA network? (moving here thread from 'traq)
From: "Benjamin P. Grubin" <bgrubin () pobox com>
Date: Sat, 16 Feb 2002 00:28:29 -0500
Understood. Vlad already mostly validated my point. It was that the MD5 checksum for the Kazaa client is not downloaded from the network. The MD5 checksum would have to be present in the stub download from Kazaa/CNET themselves. This precludes MITM attack for the initial client download (though not necessarily later software downloads, but those are a lot harder to predict and target). The only situation where an MITM is possible during the Kazaa client installation is between you and CNET, by feeding you a bogus Kazaa stub, in which case you've got the fruit of a poison tree problem. Hence my statement that it is not a Kazaa vulnerability, but a generic downloading of executables issue--and one that cannot be solved by focusing on Kazaa. Cheers, Ben
-----Original Message----- From: Thierry Zoller [mailto:support () sniff-em com] Sent: Thursday, February 14, 2002 7:32 AM To: bgrubin () pobox com Cc: vuln-dev () securityfocus com Subject: RE: Infecting the KaZaA network? (moving here thread from 'traq)This is done from the kazaa website (or CNET download.com).The issue was thatKazza uses there Cloud load (TM) "Technology" to download the latest build, which means nothing more than connecting to the kazaa network and searching for the latest kazaa executable, then downloading it *from the users* That's why the initial posting suggested a trojaned version being deployed. Theirry
Current thread:
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Raistlin (Feb 08)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) John Hall (Feb 10)
- <Possible follow-ups>
- Re: Infecting the KaZaA network? (moving here thread from 'traq) nestler (Feb 12)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Shoten (Feb 12)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Valdis . Kletnieks (Feb 13)
- RE: Infecting the KaZaA network? (moving here thread from 'traq) Benjamin P. Grubin (Feb 13)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Valdis . Kletnieks (Feb 14)
- Re: Infecting the KaZaA network? (moving here thread from 'traq) Shoten (Feb 12)
- RE: Infecting the KaZaA network? (moving here thread from 'traq) Benjamin P. Grubin (Feb 16)