The whole point of WinSCP is to provide a secure channel between a computer and
Question
The whole point of WinSCP is to provide a secure channel between a computer and a server. "Secure" means that there is a possibility of an attacker that can view or modify bytes sent both ways. Let's assume I have keys from the server but have no WinSCP installed (or have it but want to update it). In that case I'm going to download WinSCP from winscp.net, which is NOT https, and thus the webpages I get can be changed by an attacker that is capable of modifying bytes sent/received. The download webpage provides checksums, which can also be modified by an attacker.
Questions are:
1. How come WinSCP authors did not implement https yet on the website?
2. What can I do to prevent the described attack?
Explanation / Answer
WinSCP installer binaries are signed with Authenticode, so you should be able to right-click-properties the .exe and check the signer.
Of course you would have to know that Martin Prikryl is the legitimate author, and you would have to trust Verisign to have made sure that's who it really is, and you'd have to trust that his machine wasn't compromised. But those are the same problems faced by HTTPS.
But yes, it would be better if the download site were HTTPS. Unfortunately software distribution without signing seems to be the norm (in the Windows world at least). There are worse cases (e.g. PuTTY downloads, which are neither signed nor distributed by HTTPS).
I haven't seen a MitM proxy that automatically trojans HTTP-downloaded EXEs yet, but it would seem to be a straightforward attack.
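The signer check described in the answer can also be done from PowerShell instead of the file properties dialog. This is an added example, not part of the original answer; the function name `Test-InstallerSignature`, its parameters and the installer file name are hypothetical, and the expected signer name is the one given in the answer.

```powershell
# Added example: verify an installer's Authenticode signature before running it.
# Test-InstallerSignature and its parameter names are hypothetical.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner,
        # Optional: signer certificate thumbprint noted from an earlier trusted copy.
        [string] $PinnedThumbprint
    )

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file hash matches the signature and the certificate
    # chains to a trusted root. NotSigned, HashMismatch, NotTrusted etc. fail.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is $($sig.Status): $($sig.StatusMessage)"
        return $false
    }

    # A valid signature only proves *someone* with a trusted certificate signed
    # the file, so the signer name must be compared with the expected author.
    $cert = $sig.SignerCertificate
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $cert.GetNameInfo($nameType, $false)
    if ($signer -ne $ExpectedSigner) {
        Write-Warning "Signed by '$signer', expected '$ExpectedSigner'"
        return $false
    }

    # If a thumbprint was pinned earlier, a different certificate with the
    # same subject name is rejected. (Pins break when the author renews.)
    if ($PinnedThumbprint) {
        $pin = $PinnedThumbprint -replace '\s', ''
        if ($cert.Thumbprint -ne $pin) {
            Write-Warning "Thumbprint $($cert.Thumbprint) does not match the pinned value"
            return $false
        }
    }

    Write-Host "Signer:     $signer"
    Write-Host "Issuer:     $($cert.Issuer)"
    Write-Host "Thumbprint: $($cert.Thumbprint)"
    Write-Host "Valid:      $($cert.NotBefore) to $($cert.NotAfter)"
    return $true
}

# Usage (the file name is a placeholder for the downloaded installer):
# Test-InstallerSignature -Path .\winscp-setup.exe -ExpectedSigner 'Martin Prikryl'
```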