[Cryptography] Threatwatch: CIN - Corruptor-Injector Network

Tom Mitchell mitch at niftyegg.com
Mon Aug 10 17:11:51 EDT 2015


On Sun, Aug 9, 2015 at 8:26 AM, ianG <iang at iang.org> wrote:

> There's a long post by "cryptostorm_team" that describes a capture of the
> activity of a CIN or Corruptor-Injector Network.
>
> https://cryptostorm.org/viewtopic.php?f=67&t=8713
>
> The short story appears to be malware injected into the router which then
> proceeds to present a false view of many things, including google sites and
> chrome downloads.
>

Wow... trouble...
One short-term hack is to find ways to discover these bad certificates and
blacklist them.
Another is to cache "good" certificates for famous hosts for a gosh long
time and deal with blacklisted credentials via a pool of trusted neighbors.
There is no reason to discard a cert in five minutes if it is good for five
years.

At this point I make a point of keeping most bootstrap install download
tools.
Download of A --> revised to B --> revised to C --> revised to ... N seems a
risk.
Vendors could improve these downloaders with a mix of hard crypto and some
layers of unique knock-knock-like tricks, some with hardwired addresses and
layers of keys.  https:{Google.com, download.google.com, time.google.com,
keys.google.com} should not share a common key, key management, or even
local routers.  Same for 100 more big international companies.

Next, vendors and users will need physical media to anchor to something
solidly in their control.   Hardware flash may need a hard-wire jumper to
hobble invading software.
Hardware flash for SSD and more seems a future requirement.

The only bright side is the attention this stuff is getting.


-- 
  T o m    M i t c h e l l
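An added illustration of the "cache good certificates for a long time, blacklist the bad ones" policy sketched in the message above. This is not code from the original thread, from cryptostorm, or from any vendor's downloader; it is a small pin cache keyed by hostname that keeps the first fingerprint seen for as long as the certificate itself could plausibly be valid (a five-year TTL is assumed), reports any different certificate presented inside that window as a mismatch to investigate, and consults a blacklist of fingerprints already judged bad. The certificate bytes and hostnames are constructed placeholders, not real DER.

```python
"""Long-lived certificate pin cache with a blacklist (added example).

Policy, as described in the thread: remember the "good" certificate seen
for a well-known host for a long time instead of minutes, flag any other
certificate offered for that host while the pin is live, and refuse
certificates whose fingerprint is on a blacklist.
All certificate bytes used here are constructed placeholders, not real DER.
"""
import hashlib
import time
from dataclasses import dataclass, field
from typing import Optional

# Verdicts returned by PinStore.check()
PINNED = "pinned"            # first sighting of this host: fingerprint cached
OK = "ok"                    # matches the cached fingerprint
REPINNED = "repinned"        # cached pin had expired; new fingerprint cached
MISMATCH = "mismatch"        # differs from an unexpired pin: investigate
BLACKLISTED = "blacklisted"  # fingerprint is on the known-bad list


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate bytes, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class PinStore:
    # Assumption: keep a pin for five years, roughly the lifetime a
    # certificate could have, rather than discarding it in minutes.
    pin_ttl: float = 5 * 365 * 24 * 3600
    pins: dict = field(default_factory=dict)     # host -> (fingerprint, pinned_at)
    blacklist: set = field(default_factory=set)  # fingerprints judged bad

    def blacklist_cert(self, cert_der: bytes) -> None:
        """Record a certificate as bad so it is refused for every host."""
        self.blacklist.add(fingerprint(cert_der))

    def check(self, host: str, cert_der: bytes, now: Optional[float] = None) -> str:
        """Compare the certificate offered for `host` against the cache."""
        now = time.time() if now is None else now
        fp = fingerprint(cert_der)
        if fp in self.blacklist:
            return BLACKLISTED
        entry = self.pins.get(host)
        if entry is None:
            self.pins[host] = (fp, now)
            return PINNED
        pinned_fp, pinned_at = entry
        if fp == pinned_fp:
            return OK
        if now - pinned_at >= self.pin_ttl:
            # Pin aged out; accept the new certificate as the baseline.
            self.pins[host] = (fp, now)
            return REPINNED
        # A different certificate inside the pin window is the signal the
        # thread is worried about; the pin is left untouched.
        return MISMATCH


# Constructed placeholder "certificates" (not real DER, hostnames hypothetical)
GOOD_CERT = b"constructed-der: CN=download.example.com serial=1001"
INJECTED_CERT = b"constructed-der: CN=download.example.com serial=1 injected"


def demo(start: float = 1_000_000.0) -> list:
    """Walk one host through first sight, re-check, mismatch and blacklist."""
    store = PinStore()
    host = "download.example.com"
    verdicts = [
        store.check(host, GOOD_CERT, now=start),           # pinned
        store.check(host, GOOD_CERT, now=start + 300),     # ok
        store.check(host, INJECTED_CERT, now=start + 600), # mismatch
    ]
    store.blacklist_cert(INJECTED_CERT)
    verdicts.append(store.check(host, INJECTED_CERT, now=start + 900))  # blacklisted
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The `now` parameter exists so the expiry path can be exercised deterministically; in use it would be omitted. The store only ever learns a new fingerprint on first sight or after the TTL has run out, so a changed certificate during the pin window is surfaced rather than silently adopted, which is the check the message argues for.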