An attacker is attempting to insert malicious code into an installer file that is available on the internet.
The attacker is able to gain control of the web server that houses both the installer and the web page
which features information about the downloadable file. To implement the attack and delay detection,
the attacker should modify both the installer file and the:
A.
SSL certificate on the web server
B.
The HMAC of the downloadable file available on the website
C.
Digital signature on the downloadable file
D.
MD5 hash of the file listed on the website
why is this answer D?
0
0
Okay I just figured it out I think. Would it be because the MD5 has many vulnerabilities?
0
0
MD5 is used to ensure the integrity of downloaded file. If the attacker changes the file, he needs to change the MD5 value too.
0
0
I was confused with C and D and chose D.
MD5 hash needed for integrity. The attacker can change that and say “here this is a legitimate file” and if you check the supposed MD5 hash it will match with the one the hacker provided. This way you won’t know what hit ya
0
0