2

For securitys sake I'm assuming my system is successfully compromised after a targeted and/or non-targeted attack.

I've downloaded some linux images and burned them to do a re-install. Since I can't trust my compromised system, I have to assume the images are automatically infected. I can't trust checksums since a rootkit could forge the result.

I think the only solution is to ask a friend to verify the cd with the sha256 checksums he/she would download from the linux distributors website after I've burned the cd on my system. This way I verify the image wasn't altered on my or his/her system.

Is this possible? What tools can I use? I've modified this script to calculate a sha256sum but they didn't match.

sfx
  • 903
  • 7
  • 14
  • What's wrong with just using `sha256sum` - utility shipped with most linux distros? – lynks Dec 11 '12 at 15:12
  • @lynks if I use `sha256sum` to calculate the checksum of the iso I didn't verify this was really burned to the cd. Somebody could manipulate the program I'm using to burn the image and backdoor it on the fly. – sfx Dec 11 '12 at 15:17
  • 2
    So verify the iso on a trusted machine before burning it... – lynks Dec 11 '12 at 15:23
  • Your only reasonable solution is to shun your compromised system until you **nuke it from orbit**. Burn the image at your friend's computer, do not use the compromised system any longer. – Deer Hunter Dec 11 '12 at 15:24
  • @DeerHunter This way I would still have to verify the image on another system since his system could have altered the image. – sfx Dec 11 '12 at 15:29
  • 2
    @sfx - I do appreciate your vigilance. However, by randomly choosing your friend, you minimize the risk of having two systems infected with ISO-modifying malware. – Deer Hunter Dec 11 '12 at 15:33
  • 1
    @sfx there is no perfect security unless you're able to build your own hardware from the silicon/platters on up, write your own compiler in machine code, and compile your kernel that way. – lynks Dec 11 '12 at 15:38
  • 1
    @lynks And even then you'll do something wrong and get pwned. There's no perfect security **end of discussion**. Anyone who claims to be able to attain such a thing is fraudulent or delusional. – Polynomial Dec 11 '12 at 15:54

1 Answers1

7

It is highly, highly unlikely that the malware that has compromised your system would be able to somehow intercept the ISO, modify it, and change the website's file checksum to match. It would also be extremely unlikely that it would be able to modify the ISO while it is burned to a DVD so it will compromise your new OS version.

It would be slightly more believable that the malware would corrupt your browser to direct you to a compromised ISO in the first place for you to download, however that is also pretty unlikely.

In all likelihood you're safe using an ISO you downloaded on your compromised system, however it's unlikely that you're on a desert island with only one computer and a satellite dish for company, so why not research, download, and burn an ISO from a friend's computer? That will eliminate the very slight risk.

GdD
  • 17,291
  • 2
  • 41
  • 63
  • 1
    +1, there's no such thing as perfect security. Attempting to attain it will reduce in frustration and stress-related brain tumours. Accept the absolutely minuscule risk and get on with your life. – Polynomial Dec 11 '12 at 15:49