Authors

Tarakanov O.

Degree	Assistant, National Research Nuclear University MEPhI (Moscow Engineering Physics Institute)
E-mail	o-tar@yandex.ru
Location	Moscow
Articles	About erroneous outcomes of data protection software Developers of modern data protection software do not pay enough attention to false positive problem while calculating checksum of its files and other data delivered using insecure data transport. That leads to major problem, if attacker can replace checksum or replace process of getting data from file, then most of antiviruses and other very important software will be compromised. Authors of that article developed software for assessing the stability of data protection against different attacks. Method that shows possibility to compromise large amount of systems based on specific of operation system’s file request operations. Software was also developed and tests show that many important utilities such as md5, sha256 (for FreeBSD) and cverify. exe, vipnethashcalc-tool. exe (both of them certified in Russia as data protection software) are not protected against false errors while calculating checksums. Errors appear in 100% test cases. In addition, tests were made for software called «FIKS 2.0.1» witch have special license from Federal Service for Technical and Export Control of Russia (FSTEC). That software also unprotected against false errors and tests proves that. Read more...