Slackware: This forum is for the discussion of Slackware Linux.
Thanks, drgibbon! It sounds like only Windows executables were infected, so Linux-only users should be in the clear.
I don't think the point is that Linux is not affected, but...
Quote:
According to the date/time stamps of the infected files, this happened on 27 December 2017 at around 15:30. It is possible that these date/time stamps were forged, but considering the backups taken from the files, it is likely that this is the actual date and time of the breach.
How does something like this go undetected for 2 years?
Stuff gets discovered well after the fact all the time. Not saying it's the norm, but it happens far too frequently. Too many outfits (I'm not saying this applies to Palemoon because I don't use it and I don't know) see security as overhead, not as best practice.
Quote:
Stuff gets discovered well after the fact all the time. Not saying it's the norm, but it happens far too frequently. Too many outfits (I'm not saying this applies to Palemoon because I don't use it and I don't know) see security as overhead, not as best practice.
This is not some one-liner backdoor that someone hid in their source code, but long-since-compromised binaries on their archive server, which simple md5sums should have revealed...
The skeptic in me makes me want to consider that this wasn't mere incompetence, but the malware was intentionally placed and the breach is a cover story.
Remember when kernel.org got breached, that too must have been an inside job by Linus himself!
Too much wailing over some archived Windows binaries; AFAIK the git repo is not affected.
There is a huge difference in a breach that is discovered in a few months and one that is discovered two years later.
And we've (the FOSS community) had security problems that went UNdetected for longer, like the major (Heartbleed) one in openssl
Quote:
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
Open source does not always mean all problems in the code are detected sooner.
This one, by the way, affected not just Linux, but a majority of ALL SSL-using applications, as most of them did use the affected code, either directly or indirectly by incorporating it in their own code.
Quote:
And we've (the FOSS community) had security problems that went UNdetected for longer, like the major (Heartbleed) one in openssl
At the risk of repeating myself, Heartbleed was a missing bounds check; this was a 3 MB payload.
To put this in perspective this would be equivalent to someone replacing binaries in a well used Slackware mirror for no one to actually verify the packages for another 2-3 years... I personally would be surprised if something like that ever happened.
Does anyone know what has happened since then? I searched for more information on this issue but could not find anything. Has the guy been tried yet? Has he been released?
Not quite the equivalent of the example of a Slackware mirror, because Windows users generally don't compare checksums and are so used to ignoring unsigned binaries that a big yellow warning doesn't faze them. It usually just means that someone couldn't be arsed to jump through Microsoft's hoops. Most of the time it's legit. (Even shit like HP uninstallers did that)
Guilty... a few years back the ClassicShell repository got trojaned (more prankish than malicious). I was so used to installing that program on systems, and so used to yellow warnings about unsigned binaries that I thought nothing of it (huh... the installer doesn't work), until I rebooted to a modified MBR with bootstrap halted and some prankish text. Fortunately that was all they did and I just had to use bootrec to fix it. I ended up blowing it away for other reasons anyway, but that got me back in to continue troubleshooting problems. I was actually quite butthurt over that, because it was the FIRST time I ever infected any computer system (other than on purpose in house for testing cleanup software) and that was a customer system too.
Quote:
To put this in perspective this would be equivalent to someone replacing binaries in a well used Slackware mirror for no one to actually verify the packages for another 2-3 years...
When you can replace the binaries, it is easy enough to replace all md5sum or sha*sum files too, and probably the private keys were available too on that server to generate corrected GPG signatures. Remember, it WAS the master archive server AND a Windows-hosted one, so it doesn't have the protection a Linux one would have had.
And no, it has never happened on the master Slackware mirror server (as far as we know....).
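The two posts above disagree about whether "simple md5sums" would have caught replaced binaries, and the later one makes the decisive point: a checksum file that lives on the same server as the binaries is rewritten by the same attacker who rewrote the binaries. The script below is an added illustration of that argument, not code from Pale Moon, Slackware or anyone in this thread. It builds a throwaway archive tree with constructed stand-in files (the file names, the `CHECKSUMS.json` name and the appended `<dropper>` bytes are all hypothetical), lets the "attacker" replace one binary and regenerate the in-tree checksum file, and then verifies the tree twice: once against the checksum file beside the binaries, once against a copy of the manifest taken at release time and kept somewhere the server cannot write to. Only the second check reports the tampered file.

```python
import hashlib
import json
import os
import tempfile

CHUNK = 1 << 16


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large archives are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, names):
    """Map file name -> hex digest: what a CHECKSUMS file in the archive tree holds."""
    return {name: sha256_file(os.path.join(root, name)) for name in names}


def verify(root, manifest):
    """Return the names whose on-disk hash differs from the manifest, or that are missing."""
    bad = []
    for name, expected in manifest.items():
        path = os.path.join(root, name)
        if not os.path.exists(path) or sha256_file(path) != expected:
            bad.append(name)
    return sorted(bad)


def demo():
    """Tamper with a constructed archive tree and compare in-tree vs. pinned verification."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for archived installers; names and contents are hypothetical.
        files = {
            "browser-1.0-win32.exe": b"MZ" + b"\x00" * 64 + b"legit installer",
            "browser-1.0-linux.tar.xz": b"\xfd7zXZ\x00" + b"legit tarball",
        }
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)

        # Release time: the manifest is generated once and a copy is kept off the server
        # (a signed release note, a mirror operator's own records, a build log, etc.).
        pinned = build_manifest(root, files)
        in_tree_path = os.path.join(root, "CHECKSUMS.json")  # hypothetical in-tree file
        with open(in_tree_path, "w") as f:
            json.dump(pinned, f)

        # Breach: an attacker with write access swaps a binary and, having the same
        # access, simply regenerates the checksum file that sits next to it.
        with open(os.path.join(root, "browser-1.0-win32.exe"), "wb") as f:
            f.write(files["browser-1.0-win32.exe"] + b"<dropper>")  # constructed payload
        with open(in_tree_path, "w") as f:
            json.dump(build_manifest(root, files), f)

        # Audit: the in-tree manifest agrees with the tampered tree by construction;
        # only the pinned, independently held manifest exposes the replaced file.
        with open(in_tree_path) as f:
            in_tree = json.load(f)
        return {"in_tree": verify(root, in_tree), "pinned": verify(root, pinned)}


if __name__ == "__main__":
    print(demo())
```

The same reasoning applies to GPG signatures when the signing key is reachable from the compromised host, as the post above suspects was the case: a detached signature made with a stolen key verifies just as cleanly as one made at release time. The only verification that survives a full-server compromise is one whose reference data (hashes, or a key that never lived on the server) was captured before the breach and stored out of the attacker's reach; file timestamps are no substitute, since the thread itself notes they can be forged.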