Why is a hash sent with data secure?
The source explains an overarching concept and is perhaps slightly ambigious rather than outright misleading. Hashes sent alongside data in their "raw" format are definitely susceptible to a tampering attack and, therefore, we need to either:
- Share the hash value out-of-band: A simple example is downloading a file off a website which shows the file's hashsum on the web page next to the download link (the out-of-band channel here is the web page content being served within a different communication channel or even better served by a different web server). Once you have successfully downloaded the file, you would calculate the hash of the file independently and compare the hash to ensure integrity. This is a common practice for critical files such as an operating system image.
- Authenticate the hash sent along with the data: this is done by using what is known as a Hashed Message Authentication Code (HMAC), which provides both the "integrity" and "authenticity" security services to your message. There are a lot of detailed answers about this topic here.
Your source is misleading (Microsoft misleading, who'd have thought!). You cited this:
Hash values are also useful for verifying the integrity of data sent through insecure channels
So technically it says it's useful if the data was sent through an insecure channel. It doesn't specify how the hash was sent. You are completely right: if the attacker can tamper with the data and you send a hash alongside it, then they can also tamper with the hash value.
So the hash has to be sent via a secure method. The useful part is that you can use this short hash value (of only a few bytes) and compare it over a secure channel to verify that your multi-gigabyte data file is correct. For example, you can talk to someone over the phone to compare the hash value (if you know the voice of the other person and trust that nobody can do voice impersonation) and thereby verify the large file.
The second citation doesn't really say anything about security, just verifying that nothing was modified, which could mean modified by transmission error.