Oh this is so fucking juicy: my ISP managed to do a MITM on at least 600k customers' BitTorrent clients. Does anyone have any idea how they did it?
Cc: @seungjin
Both can exist in this world, @iron_bug. The interesting part is that it only affects people on that ISP, so there was defo some MitM going on there. Just because it only affected users of proprietary garbage doesn't mean it won't be targeting other traffic tomorrow, although fortunately most distros still have PGP signature verification going on, which would require a more dedicated effort like a Jia-Tanning.
Cc: @seungjin
@iron_bug, TLS and DNSSEC are as strong as the root CA and zone servers; both are susceptible to manipulation by state actors (feudal Korea is practically run by a couple dozen corporations), and it has been done before. Now, since it's feudal Korea, where TLS is still like a futuristic thing, it wouldn't surprise me if it's just some plain ole response rewriting, but I still want to confirm it isn't something more sophisticated.
@iron_bug, since TLS certs are verified against their issuer and DS records are stored in the top-level <del>balls</del> zones, I fail to understand how free software can magically solve these authorities' corruption problem, unless you meant e.g. that the root CA list is a binary blob.
@cnx @iron_bug I think that since this was a company wanting to install malware on its own users' computers, it may not have been that difficult: they could have sent an email saying "for security reasons you are required to install this program", and then many customers would install that closed-source program, which can be malware.
If I understood correctly, the article does not say that ALL their customers got the malware installed, so it could be just the obedient ones who installed it.
@cnx @iron_bug Another possibility is that the ISP already had some proprietary software installed on users' computers, like their own proprietary VPN client or "antivirus" program or "broadband helper program" or whatever that is supposed to "improve user experience", etc. Then they can later sneak in whatever other malware they want via automatic updates of that program.