Checksum Integrity 🔒: Audit Downloads + System; Malicious/Corrupt Software [VIDEO]

Jan 08, 2022

(originally posted on BMAC, where posts are searchable/organized by category; signup for optional account is completely free, includes occasional surprise post/download, has direct messaging, and allows you to receive more important posts by email (if you like))


Important Mention: a malicious VPN provider is also capable of MITM attacks. It is one of the networks not commonly mentioned alongside the others.

Key Security Takeaway: The self-hosted, open source encryption/crypto/hash tools on your own computer are the only ones you can rely on for data integrity.

What are these? Local, trusted checksum comparison programs/commands and SSH key fingerprints. All of them involve storing some form of key or crypto-related program on your own computer, rather than relying on third-party outside servers. Sometimes that means a private key; other times it means local programs such as sha512sum, sha256sum, GPG, etc. for verification.


I recently wrote a checksums tutorial (with screenshots) here on the main BMAC blog. Continuing with this important security topic for new Linux users, some may prefer this video over reading the written tutorial, so I decided to offer both.


TIP: When checking a download from outside the package manager (e.g. a Linux .img), one way to increase assurance in a checksum is to get that checksum from a separate domain/server from the one hosting the download.

Example: Get the hash from the official source, then download the file from a mirror. In this situation an attacker would need to have compromised both the mirror and the official server to make the hash match the file from the mirror.
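The TIP above as a script, added here as an example (it is not from the original post or video): the checksum list stands in for one fetched from the official server, and the file stands in for one fetched from a mirror. `verify_download`, `make_samples` and all file names are constructed for illustration; it assumes GNU `sha256sum` and file names without spaces.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). File names are constructed.

# verify_download FILE SUMS_FILE
# SUMS_FILE is a "HASH  FILENAME" list fetched from the official server;
# FILE was downloaded elsewhere (a mirror). Assumes names without spaces.
# Returns 0 on match, 1 on mismatch, 2 if FILE is not listed at all.
verify_download() {
    local file=$1 sums=$2 name expected
    name=$(basename "$file")
    # Take the hash listed for this exact name ("*name" = binary-mode entry).
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "$name: not listed in $sums, refusing to trust it" >&2
        return 2
    fi
    # sha256sum -c does the comparison and prints "<file>: OK" or "<file>: FAILED".
    printf '%s  %s\n' "$expected" "$file" | sha256sum -c -
}

# make_samples DIR: build constructed stand-ins for the official server,
# an honest mirror, and a mirror serving a modified file.
make_samples() {
    local dir=$1
    mkdir -p "$dir/official" "$dir/mirror_ok" "$dir/mirror_bad"
    printf 'constructed sample image\n' > "$dir/official/distro.img"
    (cd "$dir/official" && sha256sum distro.img > SHA256SUMS)
    cp "$dir/official/distro.img" "$dir/mirror_ok/distro.img"
    cp "$dir/official/distro.img" "$dir/mirror_bad/distro.img"
    printf 'x' >> "$dir/mirror_bad/distro.img"      # one extra byte
    printf 'unlisted\n' > "$dir/mirror_ok/other.img"
}

demo() {
    local dir rc f
    dir=$(mktemp -d)
    make_samples "$dir"
    for f in mirror_ok/distro.img mirror_bad/distro.img mirror_ok/other.img; do
        rc=0
        verify_download "$dir/$f" "$dir/official/SHA256SUMS" || rc=$?
        echo "  -> $f exit status $rc"
    done
    rm -rf "$dir"
}
demo
```

A file that is missing from the official list is treated as a failure (status 2) rather than silently skipped, so an unlisted file never passes by default.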


I used a real-world MITM story to introduce checksums and how they can serve to verify the integrity of a file, an entire package, or a set of packages.

A MITM attack can happen locally, within your home/office LAN or on public WiFi. It can happen at a higher level as well. In some countries where human rights are not well respected, this type of attack could happen at the ISP level. Example: criminals compromising an ISP to perform attacks or harm human rights activists.

We cover checksums using the command line, the Nextcloud app, and a graphical program called GtkHash.



VIDEO TUTORIAL:

https://youtu.be/pmKN2Om5rnI

What do you find running these commands? Are you seeing anything concerning? Have you inspected any of the "FAILED" results for anomalies?

Let me know in the comments. 😀

