jimbobway (OP)
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
September 26, 2012, 05:06:49 PM |
|
Make sure you use PGP to test your download before installing bitcoin. http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php
Summary
One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.
Description
One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.
Severity
We consider this vulnerability to be critical.
|
|
|
|
|
|
|
|
|
|
|
|
Blinken
|
|
September 26, 2012, 09:12:49 PM |
|
Obviously the hackers are going to change the hash on the site as well. How do you know you have a good hash? That is the problem.
|
Bitcoin ♦♦♦ Trust in Mathematics, Not Bankers ♦♦♦
|
|
|
jimbobway (OP)
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
September 26, 2012, 09:19:23 PM |
|
Obviously the hackers are going to change the hash on the site as well. How do you know you have a good hash? That is the problem.
Using Gavin's PGP signature you can test the SHA256SUMS.asc file to see if the hash in the file is legit. EDIT: See this thread https://bitcointalk.org/index.php?topic=69355.0
|
|
|
|
gusti
Legendary
Offline
Activity: 1099
Merit: 1000
|
|
September 26, 2012, 09:36:37 PM |
|
Checking PGP signatures is fine, but I suspect this is not a procedure an average user will be doing. Is not possible to setup a dedicated, hardened and fully audited server, only for bitcoin updates repository ?
|
If you don't own the private keys, you don't own the coins.
|
|
|
jimbobway (OP)
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
September 26, 2012, 09:39:25 PM |
|
Checking PGP signatures is fine, but I suspect this is not a procedure an average user will be doing. Is not possible to setup a dedicated, hardened and fully audited server, only for bitcoin updates repository ?
This was discussed a while back. Bitcoin devs considered hosting downloads on github which uses SSL and is more secure, but is attackable. Maximum security is to use PGP.
|
|
|
|
gusti
Legendary
Offline
Activity: 1099
Merit: 1000
|
|
September 26, 2012, 09:50:48 PM |
|
Checking PGP signatures is fine, but I suspect this is not a procedure an average user will be doing. Is not possible to setup a dedicated, hardened and fully audited server, only for bitcoin updates repository ?
This was discussed a while back. Bitcoin devs considered hosting downloads on github which uses SSL and is more secure, but is attackable. Maximum security is to use PGP.
I understand PGP is secure, but it's not convenient for the average Joe. I bet that the great majority of users never checked a download before. While a dedicated server, opposed to github, can be audited and verified by dev team at the file level before each download.
|
If you don't own the private keys, you don't own the coins.
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
September 26, 2012, 09:51:45 PM |
|
Checking PGP signatures is fine, but I suspect this is not a procedure an average user will be doing. Is not possible to setup a dedicated, hardened and fully audited server, only for bitcoin updates repository ?
A single server doesn't help much against DDoS, and bitcoin sites have often been DDoS victims in the past. Multiple servers + active admin team can do it... but at that point you've just reinvented SourceForge or CloudFlare. If you go through a DDoS hardened proxy, you are back to trusting SF/CF/...
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
jimbobway (OP)
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
September 26, 2012, 09:53:52 PM |
|
I understand PGP is secure, but it's not convenient for the average Joe. I bet that the great majority of users never checked a download before. While a dedicated server, opposed to github, can be audited and verified by dev team at the file level before each download.
Gavin would probably say something like, "You want to do it?"
|
|
|
|
gusti
Legendary
Offline
Activity: 1099
Merit: 1000
|
|
September 26, 2012, 10:03:34 PM |
|
I understand PGP is secure, but it's not convenient for the average Joe. I bet that the great majority of users never checked a download before. While a dedicated server, opposed to github, can be audited and verified by dev team at the file level before each download.
Gavin would probably say something like, "You want to do it?"
Sure, why not, though Jeff is right on the DDoS issues. I'm also thinking in setting up a script which every hour will download and PGP verify the files, and send an alarm by email if see any problem. Do you think that procedure can be helpful ?
|
If you don't own the private keys, you don't own the coins.
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
September 26, 2012, 10:07:06 PM |
|
I'm also thinking in setting up a script which every hour will download and PGP verify the files, and send an alarm by email if see any problem. Do you think that procedure can be helpful ?
Absolutely. That is a perfect example of decentralized action at work... we need as many people as possible checking these things.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
Gavin Andresen
Legendary
Offline
Activity: 1652
Merit: 2216
Chief Scientist
|
|
September 26, 2012, 10:13:49 PM |
|
I'm also thinking in setting up a script which every hour will download and PGP verify the files, and send an alarm by email if see any problem. Do you think that procedure can be helpful ?
Absolutely. That is a perfect example of decentralized action at work... we need as many people as possible checking these things.
I was just about to say the same thing; if there were multiple people all over the world downloading and checking the binaries against the PGP signatures that would be a wonderful thing, and would be much more robust against all the various attacks that might happen (DNS poisoning on some subset of the Internet, compromising one mirror, etc etc etc).
|
How often do you get the chance to work on a potentially world-changing project?
|
|
|
jimbobway (OP)
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
September 26, 2012, 10:15:15 PM |
|
|
|
|
|
gusti
Legendary
Offline
Activity: 1099
Merit: 1000
|
|
September 26, 2012, 11:52:48 PM |
|
I'm also thinking in setting up a script which every hour will download and PGP verify the files, and send an alarm by email if see any problem. Do you think that procedure can be helpful ?
Absolutely. That is a perfect example of decentralized action at work... we need as many people as possible checking these things.
This script will download and verify the bitcoin installer, and send an email if any problem found. Mailutils package is needed.
#!/bin/bash
cd "/path to files/"
# Fetch Gavin's public key file if it is not already here
if [ ! -f gavinandresen.asc ]
then
    wget http://bitcoin.org/gavinandresen.asc
fi
# Remove the previous run's downloads and fetch fresh copies
rm -f SHA256SUMS.asc
rm -f bitcoin-0.7.0-win32-setup.exe
wget http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.7.0/SHA256SUMS.asc
wget http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.7.0/bitcoin-0.7.0-win32-setup.exe
gpg --import gavinandresen.asc
# Prints the verification result; the exit status is not acted on
gpg --verify SHA256SUMS.asc
# Compare the installer's hash with its line in the hash list
sha256sum bitcoin-0.7.0-win32-setup.exe > shafile.txt
cat SHA256SUMS.asc |grep bitcoin-0.7.0-win32-setup.exe > shafile2.txt
if diff shafile.txt shafile2.txt >/dev/null ; then
    echo ""
else
    echo "Verify problem !" | mail -s Bla xxx@yyyy.com
fi
|
If you don't own the private keys, you don't own the coins.
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
September 26, 2012, 11:57:19 PM |
|
Just import Gavin's key once, rather than once each time you run the script.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
gusti
Legendary
Offline
Activity: 1099
Merit: 1000
|
|
September 26, 2012, 11:58:49 PM |
|
Just import Gavin's key once, rather than once each time you run the script.
Yes, I think it only imports it once, if file is not present.
|
If you don't own the private keys, you don't own the coins.
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1330
|
|
September 27, 2012, 04:58:58 AM |
|
The script checks whether the SHA256SUMS.asc file is correctly signed or not, and then ignores the result and continues whether or not the signature is valid.
|
|
|
|
Draino
|
|
September 27, 2012, 05:04:38 AM |
|
forgive my ignorance, but uh
what about bit torrent?
|
|
|
|
gusti
Legendary
Offline
Activity: 1099
Merit: 1000
|
|
September 27, 2012, 11:03:34 AM |
|
The script checks whether the SHA256SUMS.asc file is correctly signed or not, and then ignores the result and continues whether or not the signature is valid.
Yes, you are right, script is very basic (I'm not a programmer, really) and does not check signature validity.
|
If you don't own the private keys, you don't own the coins.
|
|
|
intel-core-i7
Member
Offline
Activity: 86
Merit: 10
|
|
September 28, 2012, 03:09:00 AM |
|
I will post a new script + a php version to put it on a shared hosting - for people who have just that... When I post - I will be happy for donations 162QsQNozzpF242K3n7nXuzkBAtbjcsbQF
|
If you like what I do - donate : 1MWoRs6wKyJLLYm7gjrWeTcipCrCTneCRE | torchat: g7hzmvlpjygbiage
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
September 28, 2012, 03:53:08 AM |
|
Can't someone just create a monitoring script, using PHP, and tell us if the current file is valid? Everyone can run this on their own server or host it for others.
|
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
October 14, 2012, 12:04:26 AM Last edit: October 14, 2012, 01:15:46 AM by runeks |
|
Here's a bash script that verifies the current 0.7.0 release. It returns 0 if everything matches up, and 1 if something went wrong (bad signature/bad file hash).
#!/bin/bash
BASEURL="http://downloads.sourceforge.net/project/bitcoin/Bitcoin/bitcoin-0.7.0/"
FILES="bitcoin-0.7.0-linux.tar.gz bitcoin-0.7.0-macosx.dmg bitcoin-0.7.0-win32-setup.exe bitcoin-0.7.0-win32.zip"
SIGNATURE="SHA256SUMS.asc"
TMPFILE="hashes.tmp"
for file in $FILES $SIGNATURE
do
    wget --quiet -N "$BASEURL$file"
done
#check signature
gpg --decrypt SHA256SUMS.asc > "$TMPFILE" 2>/dev/null
if [ $? -ne 0 ]
then
    echo "Bad signature."
    exit 1
fi
#check hashes
diff <(sha256sum $FILES) hashes.tmp > /dev/null
RESULT=$?   # save diff's status; $? is overwritten by each [ ] test
if [ $RESULT -eq 1 ]; then
    echo "Hashes don't match."
    exit 1
elif [ $RESULT -gt 1 ]; then
    echo "Error executing 'diff'"
    exit 2
fi
#everything matches up! clean up the mess
for file in $FILES $SIGNATURE $TMPFILE
do
    rm "$file"
done
exit 0
A better way than hard coding file names would probably be pulling the newest version of SHA256SUMS.asc, and downloading the files specified in there. But I don't know how to get a direct URL for the newest version of a file on SourceForge. http://sourceforge.net/projects/bitcoin/files/latest/download redirects to http://heanet.dl.sourceforge.net/project/bitcoin/Bitcoin/bitcoin-0.3.24/bitcoin-0.3.24-src.tar.gz which seems very... not latest.
EDIT: You need to have Gavin's GPG key imported on your system for this script to work. This will do it:
wget http://bitcoin.org/gavinandresen.asc
gpg --import gavinandresen.asc
|
|
|
|
befuddled
Member
Offline
Activity: 73
Merit: 10
|
|
October 14, 2012, 12:49:44 AM Last edit: October 14, 2012, 01:00:59 AM by befuddled |
|
I pasted that script into a file, ran it, and after a couple of minutes it exited and said "Bad signature." Edit: if I just run gpg --decrypt SHA256SUM.asc it shows:
---@jefferson:~/bitcoin$ gpg --decrypt SHA256SUMS.asc
4b7a44fec28cbd9194a1303dd65bba8f13aa2facd4e06e4a3d1df6d66bc1deb5 bitcoin-0.7.0-linux.tar.gz
8c2c2a9dcccb39489a1c3e0bd6e8d8c0efc8aad7889af5aa361e21ec3aa86080 bitcoin-0.7.0-macosx.dmg
9572c2f21d3f4282d9e855f7798cb4d903e900d59358ce03ce695e040090b28c bitcoin-0.7.0-win32-setup.exe
f0bdf431928e4000ac23e2299bdf32ef8a6b5adc25497a7bacb079abab7a7f18 bitcoin-0.7.0-win32.zip
gpg: Signature made Fri 21 Sep 2012 02:13:56 PM CDT using RSA key ID 1FC730C1
gpg: Can't check signature: public key not found
I've never used pgp, and don't really understand signatures. How does it find the public key? Problem on my end I'm guessing.
|
|
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
October 14, 2012, 01:14:24 AM |
|
Oh, woops. I forgot to add that you need to have Gavin's key imported for this to work. Do this:
wget http://bitcoin.org/gavinandresen.asc
gpg --import gavinandresen.asc
I'll add it to the original post.
|
|
|
|
foo
|
|
October 14, 2012, 01:25:03 AM |
|
Oh, woops. I forgot to add that you need to have Gavin's key imported for this to work. Do this:
wget http://bitcoin.org/gavinandresen.asc
gpg --import gavinandresen.asc
I'll add it to the original post.
Or you can get the key from a keyserver. May be safer?
gpg --keyserver pgp.mit.edu --recv-keys 1FC730C1
|
I know this because Tyler knows this.
|
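Added example, not part of any post in this thread: a check that acts on the signature result (the gap pointed out above) and also pins the signer's full fingerprint, so that a key merely present in the keyring is not enough. `EXPECTED_FPR` is a placeholder because the thread gives only the short key ID; the function names and the status sample are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. EXPECTED_FPR is a PLACEHOLDER: the
# thread shows only the short key ID 1FC730C1, never the full fingerprint.
EXPECTED_FPR="${EXPECTED_FPR:-0123456789ABCDEF0123456789ABCDEF01234567}"

# Constructed sample of `gpg --status-fd 1` output for a good signature.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2012-09-21 1348254836 0 4 0 1 2 01 0123456789ABCDEF0123456789ABCDEF01234567'

# sig_is_pinned FPR: reads GnuPG status lines on stdin. Succeeds only if a
# VALIDSIG line names FPR (as signing key or as primary key) and no line
# reports a bad, unverifiable, expired or revoked signature.
sig_is_pinned() {
    awk -v want="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Appending "" forces a string comparison even for all-digit values.
        $2 == "VALIDSIG" && (($3 "") == (want "") || ($NF "") == (want "")) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# hashes_match LIST DIR: LIST holds "hash  filename" lines (the verified text
# of SHA256SUMS.asc). Every listed file must exist in DIR and match; an empty
# list fails too, so the check fails closed.
hashes_match() {
    (cd "$2" && sha256sum -c - >/dev/null 2>&1) < "$1"
}

# verify_release SUMS_ASC DIR: signature first, hashes only afterwards, and
# only from the text gpg wrote out after checking the signature.
verify_release() {
    local plain status rc
    plain=$(mktemp) || return 2
    # --status-fd 1 puts machine-readable lines on stdout; --output keeps the
    # signed text in a separate file.
    status=$(gpg --batch --status-fd 1 --yes --output "$plain" \
                 --decrypt "$1" 2>/dev/null)
    if printf '%s\n' "$status" | sig_is_pinned "$EXPECTED_FPR"; then
        hashes_match "$plain" "$2"
        rc=$?
    else
        echo "signature missing, invalid, or not from the pinned key" >&2
        rc=1
    fi
    rm -f "$plain"
    return "$rc"
}

# Stand-alone use: script.sh SHA256SUMS.asc /dir/with/downloads
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2"
    exit
fi
```

An 8-hex-digit key ID like the one passed to --recv-keys is short enough for two different keys to share it, so the fingerprint to pin should be the full 40-digit value obtained through a channel other than the download site.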
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
October 14, 2012, 04:33:28 AM |
|
I've updated the script. Now you only need to specify the URL of the SHA256SUMS.asc file in question. It first downloads this file and checks the signature. After that it downloads all the files specified in the signature file and checks the hashes of these files.
#!/bin/bash
WORKINGDIR="/tmp/bitcoin"
TMPFILE="hashes.tmp"
SIGNATUREFILE="http://downloads.sourceforge.net/project/bitcoin/Bitcoin/bitcoin-0.7.1/test/SHA256SUMS.asc"
if [ ! -d "$WORKINGDIR" ]; then
    mkdir "$WORKINGDIR"
fi
cd "$WORKINGDIR"
# fetch the signed hash list and check its signature
GPGOUT=$(curl --silent -L "$SIGNATUREFILE" | gpg --yes --decrypt --output "$TMPFILE" 2>&1)
if [ $? -ne 0 ]
then
    echo "Bad signature."
    echo "gpg output:"
    echo "$GPGOUT"|sed 's/^/\t/g'
    exit 1
fi
# file names come from the verified hash list
FILES=$(awk '{print $2}' "$TMPFILE")
BASEURL="${SIGNATUREFILE%/*}/"
for file in $FILES
do
    wget --quiet -N "$BASEURL$file"
done
#check hashes
DIFF=$(diff <(sha256sum $FILES) "$TMPFILE")
RESULT=$?   # save diff's status; $? is overwritten by each [ ] test
if [ $RESULT -eq 1 ]; then
    echo "Hashes don't match."
    echo "Offending files:"
    echo "$DIFF"|grep "^<"|awk '{print "\t"$3}'
    exit 1
elif [ $RESULT -gt 1 ]; then
    echo "Error executing 'diff'"
    exit 2
fi
#everything matches! clean up the mess
for file in $FILES $TMPFILE
do
    rm "$file"
done
exit 0
|
|
|
|
flatfly
Legendary
Offline
Activity: 1078
Merit: 1016
760930
|
|
October 14, 2012, 07:49:43 AM |
|
Hmmm.. Perhaps a stupid question, but how do you verify the verifying script?
|
|
|
|
Foxpup
Legendary
Offline
Activity: 4354
Merit: 3044
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
October 14, 2012, 10:32:10 AM |
|
Hmmm.. Perhaps a stupid question, but how do you verify the verifying script?
I'm afraid Ken Thompson has some bad news for you.
|
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4 I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
October 14, 2012, 11:23:34 AM |
|
Bitcoin probably will be the next target but people should catch on.
|
|
|
|
Gavin Andresen
Legendary
Offline
Activity: 1652
Merit: 2216
Chief Scientist
|
|
October 14, 2012, 07:00:48 PM |
|
I've updated the script. Now you only need to specify the URL of the SHA256SUMS.asc file in question.
Nice! You should submit a pull request to put a version of this in the contrib/ directory; my only suggestion would be to make it take a version string as an argument (and maybe automatically look in the test/ subdirectory if it contains 'rc').
|
How often do you get the chance to work on a potentially world-changing project?
|
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
October 15, 2012, 08:49:01 PM |
|
I've updated the script. Now you only need to specify the URL of the SHA256SUMS.asc file in question.
Nice! You should submit a pull request to put a version of this in the contrib/ directory; my only suggestion would be to make it take a version string as an argument (and maybe automatically look in the test/ subdirectory if it contains 'rc').
Good idea. I've updated the script to allow specifying a version string (which looks in the test/ dir if it ends with "-rc[0-9]") and made the pull request: https://github.com/bitcoin/bitcoin/pull/1935
Now we just need Bitcoin-interested people with a server to run this script at timed intervals, and we have ourselves a distributed Bitcoin-executable verification system.
|
|
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
October 15, 2012, 10:09:34 PM |
|
Hmmm.. Perhaps a stupid question, but how do you verify the verifying script?
I will be signing the script, and will make an additional script that verifies this. After that I plan on making a third script that verifies a signature over the second script. Once this is completed, the logical next step is making a script that verifies a signature over the third script. All this will - of course - be useless without the fifth script that verifies the fourth one. So, in the end - if time permits - I will make an infinite number of scripts that will make sure you can trust the first one.
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1009
|
|
October 15, 2012, 10:12:01 PM |
|
I had an idea while reading this thread but don't know if it's mathematically possible.
The official binaries are produced from a deterministic process that could be thought of as a function that takes a git commit id as an input and produces a checksum of the compiled result as an output.
When an individual signs a release he is effectively asserting "F(X)=Y" for a specific X and Y.
What if it were possible to construct a bitcoin address (A) such that if the address was used to sign the statement "F(X)=Y" and if that statement was not true, a third party could use a combination of the signature, F, and A to derive the private key and thus take any Bitcoins which had been sent there?
If it was possible to generate such an address it could be used to insure builds. Any person who signs a false statement risks having the coins he offered up as insurance taken by the first person to discover the falsehood.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
October 15, 2012, 10:55:43 PM |
|
Hmmm.. Perhaps a stupid question, but how do you verify the verifying script? I will be signing the script, and will make an additional script that verifies this. After that I plan on making a third script that verifies a signature over the second script. Once this is completed, the logical next step is making a script that verifies a signature over the third script. All this will - of course - be useless without the fifth script that verifies the fourth one. So, in the end - if time permits - I will make an infinite number of scripts that will make sure you can trust the first one.
|
|
|
|
chsados
|
|
October 15, 2012, 11:15:44 PM |
|
Why not use torrent/magnet link - or am i missing some vulnerability there?
A trusted user posts the torrent file at some location and we all seed.
|
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
October 15, 2012, 11:22:05 PM |
|
Why not use torrent/magnet link - or am i missing some vulnerability there?
A trusted user posts the torrent file at some location and we all seed.
The point of using PGP signatures is that a "trusted user" can be impersonated. Speaking of seeding, though, there is an experimental bitcoin blockchain torrent.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own. Visit bloq.com / metronome.io Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
October 15, 2012, 11:30:00 PM |
|
Why not use torrent/magnet link - or am i missing some vulnerability there?
A trusted user posts the torrent file at some location and we all seed.
The threat is that the trusted location - as in SourceForge, or bitcoin.org - is hacked. Whether this trusted location points to a torrent magnet URI or an executable downloaded via HTTP isn't relevant. But you remind me that it's also relevant to crawl bitcoin.org. If an adversary hacks bitcoin.org and makes the Bitcoin client download URL point to a file hosted by himself, we wouldn't notice with this script. So I guess that's another feature that this surveillance system should have.
|
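Added example, not part of any post in this thread: one way to watch a download page for the link swap described above, by listing release-file links whose host is not on an allowlist. The allowlist, the sample page and the function names are constructed for illustration, and the page is matched with simple patterns rather than a real HTML parser.

```shell
#!/bin/bash
# Added example, not from the thread. The allowlist and sample page are
# constructed; a leading dot means "this domain and any subdomain".
ALLOWED_HOSTS="bitcoin.org .sourceforge.net"

SAMPLE_PAGE='<a href="http://downloads.sourceforge.net/project/bitcoin/Bitcoin/bitcoin-0.7.0/bitcoin-0.7.0-win32-setup.exe">Windows</a>
<a HREF="http://sourceforge.net.mirror.example/bitcoin-0.7.0-win32.zip">zip</a>
<a href="https://bitcoin.org@files.example:8080/bitcoin-0.7.0-linux.tar.gz">Linux</a>
<a href="/about.html">About</a> <a href="http://forum.example/thread.html">Forum</a>'

# host_allowed HOST: exact match, or suffix match for entries starting with "."
host_allowed() {
    local host=$1 entry
    for entry in $ALLOWED_HOSTS; do
        case "$entry" in
            .*) case "$host" in "${entry#.}"|*"$entry") return 0 ;; esac ;;
            *)  [ "$host" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# unexpected_links: reads HTML on stdin and prints every quoted href that
# points at a release artifact (.exe .zip .dmg .tar.gz .asc, optionally
# followed by /download) on a host outside ALLOWED_HOSTS.
unexpected_links() {
    grep -oiE "href=[\"'][^\"']+[\"']" |
    sed -E "s/^[^\"']*[\"']//; s/[\"']\$//" |
    grep -iE '\.(exe|zip|dmg|tar\.gz|asc)(/download)?([?#].*)?$' |
    while IFS= read -r url; do
        case "$url" in
            *://*) host=${url#*://} ;;
            //*)   host=${url#//} ;;
            *)     continue ;;        # relative link: same host as the page
        esac
        host=${host%%[/?#]*}          # drop path, query and fragment
        host=${host##*@}              # drop userinfo ("bitcoin.org@other.host")
        host=${host%%:*}              # drop port
        host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
        host_allowed "$host" || printf '%s\n' "$url"
    done
}

# Stand-alone use: curl -s <download page URL> | script.sh check
if [ "${1:-}" = "check" ]; then
    unexpected_links
fi
```

The allowlist is only a tripwire for a changed link; a modified file served from an allowed host, as in the phpMyAdmin mirror case quoted at the top of the thread, is caught by the signature and hash check, not by this.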
|
|
|
paraipan
In memoriam
Legendary
Offline
Activity: 924
Merit: 1004
Firstbits: 1pirata
|
|
October 15, 2012, 11:49:17 PM Last edit: October 16, 2012, 12:00:36 AM by paraipan |
|
Why not use torrent/magnet link - or am i missing some vulnerability there?
A trusted user posts the torrent file at some location and we all seed.
Great idea, the magnet links contain a cryptographic hash of the file. http://en.wikipedia.org/wiki/Magnet_URI_scheme
The Magnet URI scheme is a de facto standard (instead of an open standard) defining a URI scheme for Magnet links, which mainly refer to resources available for download via peer-to-peer networks. Such a link typically identifies a file not by location, but by content -- more precisely, by the content's cryptographic hash value.
So Gavin could sign it with his key and share on the forum and sourceforge and we all get to check for the main client integrity even if a central download server is hacked. The nice thing is all torrent clients know how to handle them and start looking for peers and download the main client without issues.
|
BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
|
|
|
chsados
|
|
October 16, 2012, 12:29:41 AM |
|
Why not use torrent/magnet link - or am i missing some vulnerability there?
A trusted user posts the torrent file at some location and we all seed.
Great idea, the magnet links contain a cryptographic hash of the file. http://en.wikipedia.org/wiki/Magnet_URI_scheme
The Magnet URI scheme is a de facto standard (instead of an open standard) defining a URI scheme for Magnet links, which mainly refer to resources available for download via peer-to-peer networks. Such a link typically identifies a file not by location, but by content -- more precisely, by the content's cryptographic hash value.
So Gavin could sign it with his key and share on the forum and sourceforge and we all get to check for the main client integrity even if a central download server is hacked. The nice thing is all torrent clients know how to handle them and start looking for peers and download the main client without issues.
exactly...any change to the file and the torrent won't download - similar to the way blockchain works
|
|
|
|
jimbobway (OP)
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
October 16, 2012, 01:45:08 AM |
|
Does this script take into account all of the mirrors?
|
|
|
|
|