[Cryptography] MITM watch - Tor exit nodes patching binaries

ianG iang at iang.org
Wed Dec 3 09:39:32 EST 2014

The real MITMs are so rare that protocols that are designed around them 
fall to the Bayesian impossibility syndrome (*).  In short, false 
negatives cause the system to be ignored, and when the real negative 
indicator turns up it is treated as a false.  Ignored.  Fail.

Here's some evidence of that with Tor:

... I tested BDFProxy against a number of binaries and update processes, 
including Microsoft Windows Automatic updates.  The good news is that if 
an entity is actively patching Windows PE files for Windows Update, the 
update verification process detects it, and you will receive error code 

.... If you Google the error code, the official Microsoft response is 

If you follow the three steps from the official MS answer, two of those 
steps result in downloading and executing a MS ‘Fixit’ solution 
executable. ... If an adversary is currently patching binaries as you 
download them, these ‘Fixit’ executables will also be patched. Since the 
user, not the automatic update process, is initiating these downloads, 
these files are not automatically verified before execution as with 
Windows Update. In addition, these files need administrative privileges 
to execute, and they will execute the payload that was patched into the 
binary during download with those elevated privileges.

(*) I'd love to hear a better name than Bayesian impossibility syndrome, 
which I just made up.  It's pretty important, it explains why the 
current SSL/PKI/CA MITM protection can never work, relying on Bayesian 
statistics to explain why infrequent real attacks cannot be defended 
against when overshadowed by frequent false negatives.

More information about the cryptography mailing list