What if someone hacks your server and changes your source code


Riyaz

Jan 13, 2009, 7:11:33 AM
to Clipperz
I'm really impressed by the security provided by Clipperz but I still
have a few queries. True, all passwords saved on the server are encrypted, so
it won't help hackers, but what if someone hacks your server and changes
your source code so that all those who are using the hacked version of
Clipperz will send the decrypted passwords in our local machine to another
remote server?

Adam McMaster

Jan 13, 2009, 9:23:16 AM
to Clipperz
If you're worried about that, I guess the solution would be to run
Clipperz on your own server and inspect the source code.

Giulio Cesare Solaroli

Jan 13, 2009, 9:57:53 AM
to goo...@riyaz.otherinbox.com, Clipperz
Hello Riyaz,

please take a look at this thread:
- http://groups.google.com/group/clipperz/browse_thread/thread/22c7cff41adf9b3a

Short version: host the integrityCheck script on your host and check
the integrity of the code served by Clipperz host each time you want
to use the service.

This is what I do myself, even if I am the one running the service.

Regards,

Giulio Cesare

Steffen Egner

Jan 13, 2009, 7:13:41 PM
to giulio...@gmail.com, goo...@riyaz.otherinbox.com, Clipperz
Hi all,

I think the integrity check via checksum points in the right direction. However, the current idea puts the effort for solving the problem on the user.

Pushing this idea one step ahead would be to integrate this idea into your solution. Why don't you operate a second server for running the integrity check script?

Okay, I see, the intruder might change the script such that the integrity script is ruled out.

Okay, then we take this approach one more step further: Operate a third server, which calls the integrity test on the second server, and only then delivers the main software from the first server.

I think this combination of the separate servers makes this approach bullet-proof. Am I missing something?

Steffen

Giulio Cesare Solaroli

Jan 13, 2009, 7:25:34 PM
to steffe...@gmail.com, goo...@riyaz.otherinbox.com, Clipperz
Hello Steffen,

security wise, the checksum should be integrated into the browser
itself. We are trying to work in this direction, but it is definitely
a problem out of our hands right now.

About providing a script, we are already doing it here:
- http://www.clipperz.com/integrityCheck.php?md5=5b6805e58ffef2fdbf1e0f99d988cfac

But obviously this is just to test it out, as it is currently run on
the same server hosting the application. But even if it was running on
a different server, it would be quite easy for a compromised server to
return the legitimate answer to the integrityCheck script (recognized
by the IP of the request) and a compromised request to everybody else.

So, even if it is a little burden put on the user's shoulders, having an
independently distributed set of integrityCheck scripts would provide
a lot of benefit to all Clipperz users, as it would make it much easier
to spot a compromised server.

Regards,

Giulio Cesare
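
An added example, not part of the thread and not Clipperz's integrityCheck code: a small model of the point made in the message above, where a compromised server answers the one known checker (recognized by IP) with clean code, and independently hosted checkers still see the mismatch. The payloads, IP addresses and function names are constructed for illustration; MD5 is used only because the `md5=` parameter in the thread uses it.

```python
import hashlib
import hmac

# Constructed sample payloads standing in for the application code.
LEGIT_APP = b"<html><script>/* app build (constructed sample) */</script></html>"
TAMPERED_APP = LEGIT_APP.replace(b"</script>", b"/* injected */</script>")

# Digest pinned from a trusted copy of the release (constructed here).
# MD5 mirrors the md5= parameter in the thread; a new deployment would pin SHA-256.
PINNED_MD5 = hashlib.md5(LEGIT_APP).hexdigest()

OFFICIAL_CHECKER_IP = "192.0.2.10"  # constructed documentation-range address


def compromised_server(client_ip):
    """Model of the evasion described above: clean bytes for the known checker only."""
    return LEGIT_APP if client_ip == OFFICIAL_CHECKER_IP else TAMPERED_APP


def integrity_check(fetch, client_ip, pinned_hex, algo="md5"):
    """Fetch the app as seen from client_ip and compare its digest to the pin."""
    body = fetch(client_ip)
    digest = hashlib.new(algo, body).hexdigest()
    # Constant-time comparison; accept upper- or lower-case pinned hex.
    return hmac.compare_digest(digest, pinned_hex.lower())


def survey(fetch, vantage_ips, pinned_hex):
    """Run the check from several hosts; return the ones that see a mismatch."""
    return [ip for ip in vantage_ips if not integrity_check(fetch, ip, pinned_hex)]


if __name__ == "__main__":
    # A single, well-known checker is fooled: no mismatch reported.
    print(survey(compromised_server, [OFFICIAL_CHECKER_IP], PINNED_MD5))
    # Independently hosted checkers expose the tampering.
    independent = [OFFICIAL_CHECKER_IP, "198.51.100.7", "203.0.113.42"]
    print(survey(compromised_server, independent, PINNED_MD5))
```

In real use `fetch` would perform an HTTP request from the checker's own host, and the pinned digest would come from a copy of the release obtained out of band.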

Steffen Egner

Jan 13, 2009, 10:46:39 PM
to Giulio Cesare Solaroli, goo...@riyaz.otherinbox.com, Clipperz
Hello Giulio Cesare,

to integrate the checksum into the browser is probably the best solution from the security point of view, but I think this is not user-friendly. The user cannot arrange that this is integrated into all browsers on all computers he potentially uses.

An alternative could be to arrange that an intruder has to hack two servers at the same time to compromise the security of your system. That is the idea that I was trying to convey. A solution based on this idea could be user-friendly and would also be relatively secure.

I see that my previous suggestion did not work. But I think this one will: Have a second server that repeatedly calls the integrity check. For example once per minute. If the check fails, the second server will block the main server and send an email to you. Now, nobody can use Clipperz anymore (at least online). But that's better than hacked passwords.

What do you think?

Steffen

Marco Barulli

Jan 17, 2009, 1:30:56 PM
to steffe...@gmail.com, Giulio Cesare Solaroli, goo...@riyaz.otherinbox.com, Clipperz
Hi all,
we are also investigating "link fingerprints" to see if they can
provide an effective and convenient solution for Clipperz.

Here is some info:
http://www.gerv.net/security/link-fingerprints/
http://mdhashtool.mozdev.org/lfinfo.html

Marco
--
Marco Barulli
marco....@gmail.com