amoeba00, posted November 24, 2013

Has there been any thought to possibly posting the MD5 hash of the files that are made available for download? I just downloaded a Nexus file (not a .7z mod, but still one from the Nexus) that Norton/Symantec detected as having a virus. Now in all likelihood, it's a false positive, since the heuristic detection was dated months after the file had already been uploaded on the system, but that got me thinking....

Seems to me, that's one way to get unsuspecting folks to download and install this new CryptoVirus and have their systems hijacked.

Of course, for a system like this to work - it would have to be handled by the system on the backend and not by the author (since if the author's account is the one that's compromised - then it's easy enough to post the "updated" hash). And then a historical list would need to be kept and monitored, etc. etc.

Now, there might be some security measures in place already behind the scenes, but figured it would be worth mentioning. Thoughts? Or should folks just know better, nothing to see here, moving along....?
amoeba00 (Author), posted June 12, 2014

Given the recent attention to the validity of files, I wonder if now some sort of additional validation system might be worth another look.
PlagueHush, posted June 12, 2014

I'm not sure the proposed solution could, on its own, add much additional protection. The issue is that the MD5 hash would have to be generated by the system each time the author uploads an update. A malicious upload from an author or a moderator is still going to trigger hash regeneration.

It's not possible to prevent an author's account that has been compromised by a malicious actor (or a malicious author), from uploading malware to the site. Having said that, it's not likely that an author of a very popular mod would do this and undermine all of their hard work anyway, and any identification of one of these files as malicious is going to be picked up and resolved in a very short time (as the recent occurrence showed!).

Equally, the recent problems we've seen weren't caused by a compromised author account, but a compromised moderator's account, which is how multiple files were able to be replaced across different areas of the Nexus. It's resolving this issue that would have the most value.

Contrary to the OP, what would reduce the risk of a repetition of the recent breach, would be to assign Public Key Encryption methods, generated from the author's authentication to the site. Hashing the files with the author's private key, and have NMM use the author's public key to check it against the data in the site's database. This would ensure moderators/admins are unable to generate replacement hashes, even if they were able to replace the files. Any compromise here would also require the replacement of the author's private and public keys. This would at least limit compromises to an individual mod, and any replacement of files would be dependent on individual authors' accounts being breached.

It should be noted however, that NMM would need to be recoded to include code that checked the hashing, but that this method could not provide any protections for manual downloads (which are often preferable as they allow for the selection of preferable servers, and the downloads often connect more reliably). This may be seen as a sufficient compromise between security and usability, as it would add a limit to the amount of files that could be compromised in most attacks - but it would come with a cost, and wouldn't fix all of the problems.
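The difference PlagueHush describes, as an added sketch that is not part of the thread and not Nexus or NMM code: a hash the site regenerates on every upload still matches a replaced file, while a signature over the file's digest made with the author's private key does not. Ed25519, SHA-256 (used here in place of the MD5 mentioned in the thread), the `Listing` type and the function names are assumptions for illustration, and the private key is assumed to be held only by the author.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Listing is a constructed model of one download entry, not the Nexus schema.
type Listing struct {
	File      []byte   // archive bytes served to users
	SiteHash  [32]byte // regenerated by the backend on every upload
	AuthorSig []byte   // made with the author's private key (assumed off-site)
}

// Upload models the backend: it rehashes whatever file it is given and
// stores whatever signature the uploader supplies.
func Upload(file, sig []byte) Listing {
	return Listing{File: file, SiteHash: sha256.Sum256(file), AuthorSig: sig}
}

// Check returns two verdicts: does the file match the site-posted hash, and
// does the author's public key verify the signature over the file's digest.
func Check(l Listing, pub ed25519.PublicKey) (hashOK, sigOK bool) {
	h := sha256.Sum256(l.File)
	return h == l.SiteHash, ed25519.Verify(pub, h[:], l.AuthorSig)
}

// Scenario builds a genuine upload and one swapped by an account that does
// not hold the author's private key, so it can only reuse the old signature.
func Scenario() (ed25519.PublicKey, Listing, Listing) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	mod := []byte("constructed sample: original mod archive")
	digest := sha256.Sum256(mod)
	good := Upload(mod, ed25519.Sign(priv, digest[:]))
	bad := Upload([]byte("constructed sample: replaced archive"), good.AuthorSig)
	return pub, good, bad
}

func main() {
	pub, good, bad := Scenario()
	h, s := Check(good, pub)
	fmt.Println("genuine:  site hash ok =", h, " author signature ok =", s)
	h, s = Check(bad, pub)
	fmt.Println("replaced: site hash ok =", h, " author signature ok =", s)
}
```

The check only helps when the client obtains the author's public key through a channel the same compromised account cannot rewrite.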
amoeba00 (Author), posted June 13, 2014

Clearly, there would be some significant work on the back end to mitigate against a compromised account, and it may turn out that the effort does not justify the result. It's a topic that a lot of end users don't understand - and all too often you wind up with files having the same name floating around with no mechanism at all to validate if it is the same file that was originally presented.

Just like crime of any type - if someone truly wanted to wreak havoc with your life - not much you can do to stop them. You can, however, take a few preventive measures, so that maybe they decide it's easier to try another target.