Does TLS (Transport Layer Security) protect against deliberate tampering or accidental corruption?

If someone tampers with data being transmitted over HTTPS using TLS, would that result in a corrupted decrypted message or would it result in the error being detected such as through a cryptographic checksum and retransmitted?

This has security implications as well as accidental corruption implications (https://stackoverflow.com/questions/3830206/can-a-tcp-checksum-fail-to-detect-an-error-if-yes-how-is-this-dealt-with).

Protection against tampering

Recently, I have downloaded a game from Steam. I wondered whether it was somehow possible to alter the data of the game and replace it with malware without the computer it was sent to noticing. Basically, is it likely that I became a victim of a MITM attack? And is the method of checking for time delay to detect tampering effective? And what about other ways of not allowing changed incoming traffic?

How to prevent a user from tampering with a request using Burp

Our Rails application has a feature where an admin can trigger sending a verify email to users that haven’t been verified yet, but not to verified ones.

However, it was pointed out that by intercepting this PUT request and modifying the id to another one, it was possible to send a verify email even to already verified users, thereby confusing them.

How do I make sure that I can find out that the request was tampered with?

I can keep track of the users invites were sent to and how many times, but it still doesn’t solve the problem that anyone can trigger an email to anyone if they know or guess their user id, which again is visible in the user details page in the format users/17.

I’m not sure how to solve this problem.

Prove a received mail came from a company email when company is tampering on their side

X works for EvilCorp and he sends a whistleblowing email to HR. HR responds with “we will look into it”. But management takes advantage of having control over X’s PC and all email addresses and formats the PC and deletes mails from the server. X has downloaded a copy of the raw email which he had emailed to another employee.

Can X prove the sender, time and contents by possessing the raw email which has ARC headers? Can he prove sender and time by possessing the header alone, like if he had to take a photo of what’s a long raw email?

Anomaly on new laptop. Does it suggest tampering?

My laptop has a plastic chassis whose panels click into place (no screws on the outside). When I bought it (new), there was a gap on one side along the seam joining the top and bottom halves of the chassis (1 inch by 3-4mm gap). That is to say that one of the “hooks” was not clicked into place. Also, the panels didn’t quite line up by the USB port whose bottom edge merges with the seam on the same side (so it might have been used for prying it open?).

Is this an indication that it might have been tampered with somewhere along the line? The box was sealed and looked fine.

Using sha256 to check for boot tampering

Consider the following machine:

  • Dual Boots to two OSes, OS “A” and OS “B”
  • OS “A” is trusted
  • The BIOS is trusted.
  • The root partition of OS “A” is encrypted
  • OS “A” doesn’t support secure boot
  • OS “B” is not trusted.
  • shim/refind is installed with secure boot enabled for both

I want to make it so if OS “A” tampers with OS “B” I can find out when running refind.

My idea is to modify the refind source code so that in the menu screen it will print the sha256 hash of each file in the EFI boot directory of OS “B”, as well as a combined hash of all the individual hashes.

I think this will allow me to guard against tampering, because if I run OS “A”, then afterwards, I can examine the hash of OS “B” within refind to check if it changed.

Is there a flaw in this reasoning?