• 2/20/16 Linux Mint downloads compromised

    From bleak_fire_@21:1/5 to All on Sun Feb 21 05:48:09 2016
    XPost: alt.os.linux.mint

    http://blog.linuxmint.com/?p=2994

    Quotes:

    "Beware of hacked ISOs if you downloaded Linux Mint on February 20th!"

    "We were exposed to an intrusion today. It was brief and it shouldn’t
    impact many people, but if it impacts you, it’s very important you read
    the information below."

    "Hackers made a modified Linux Mint ISO, with a backdoor in it, and
    managed to hack our website to point to it."

    "As far as we know, the only compromised edition was Linux Mint 17.3
    Cinnamon edition."

    "If you downloaded another release or another edition, this does not
    affect you. If you downloaded via torrents or via a direct HTTP link,
    this doesn’t affect you either."

    "Finally, the situation happened today, so it should only impact people
    who downloaded this edition on February 20th."

    "The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com."

    "Both lead to Sofia, Bulgaria, and the name of 3 people over there. We
    don’t know their roles in this, but if we ask for an investigation, this
    is where it will start."

    --

    bleak_fire_

    since nine-seven

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Johnny@21:1/5 to penachew@yomomma.hot.invalid on Sun Feb 21 06:14:27 2016
    XPost: alt.os.linux.mint

    On Sun, 21 Feb 2016 05:48:09 +0100
    bleak_fire_ <penachew@yomomma.hot.invalid> wrote:

    > http://blog.linuxmint.com/?p=2994
    >
    > Quotes:
    >
    > "Beware of hacked ISOs if you downloaded Linux Mint on February 20th!"
    >
    > "We were exposed to an intrusion today. It was brief and it shouldn’t
    > impact many people, but if it impacts you, it’s very important you
    > read the information below."
    >
    > "Hackers made a modified Linux Mint ISO, with a backdoor in it, and
    > managed to hack our website to point to it."
    >
    > "As far as we know, the only compromised edition was Linux Mint 17.3
    > Cinnamon edition."
    >
    > "If you downloaded another release or another edition, this does not
    > affect you. If you downloaded via torrents or via a direct HTTP link,
    > this doesn’t affect you either."
    >
    > "Finally, the situation happened today, so it should only impact
    > people who downloaded this edition on February 20th."
    >
    > "The hacked ISOs are hosted on 5.104.175.212 and the backdoor
    > connects to absentvodka.com."
    >
    > "Both lead to Sofia, Bulgaria, and the name of 3 people over there.
    > We don’t know their roles in this, but if we ask for an
    > investigation, this is where it will start."


    This would be a good time for Cinnamon users to try Douane Firewall.

    https://github.com/Douane/Douane/wiki/Compilation

  • From Yrrah@21:1/5 to All on Sun Feb 21 14:19:56 2016
    XPost: alt.os.linux.mint

    Johnny <johnny@invalid.net>:

    > This would be a good time for Cinnamon users to try Douane Firewall.
    >
    > https://github.com/Douane/Douane/wiki/Compilation

    I would if there were a compiled download or better a PPA or better
    still, if it were in the Mint or Ubuntu repos.

    Yrrah

  • From Richard Kettlewell@21:1/5 to Paul on Sun Feb 21 14:06:31 2016
    XPost: alt.os.linux.mint

    Paul <nospam@needed.com> writes:
    > http://www.ghacks.net/2016/02/21/linux-mint-hacked-iso-images-compromised/
    >
    > "If you run Linux, use the command md5sum nameofiso.iso, e.g.
    >
    > md5sum linuxmint-17.3-cinnamon-64bit.iso
    >
    > The ISO image is clean if the signature matches
    > one of those listed below..."
    >
    > Well, don't do that. It takes 60 seconds on a Pentium 4
    > computer, to "fix" an ISO so it has the correct MD5SUM.

    Go on then, produce a second well-formed ISO image that hashes to e71a2aad8b58605e906dbea444dc4983.

    Or if you’d prefer to work with a smaller first preimage:

    $ cat /etc/motd

    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    $ md5sum /etc/motd
    9830e3dbb6a828f2cc824db8db0ceaf7 /etc/motd

    Clock’s ticking!

    > MD5 is compromised, and is no good for this purpose.

    MD5’s collision resistance is well known to be completely broken, but
    this application does not depend on collision resistance.

    It’s certainly somewhat disappointing to see it still used in 2016, but that’s no excuse for spreading FUD.

    --
    http://www.greenend.org.uk/rjk/

  • From Paul@21:1/5 to Richard Kettlewell on Sun Feb 21 09:37:35 2016
    XPost: alt.os.linux.mint

    Richard Kettlewell wrote:
    > Paul <nospam@needed.com> writes:
    >> http://www.ghacks.net/2016/02/21/linux-mint-hacked-iso-images-compromised/
    >>
    >> "If you run Linux, use the command md5sum nameofiso.iso, e.g.
    >>
    >> md5sum linuxmint-17.3-cinnamon-64bit.iso
    >>
    >> The ISO image is clean if the signature matches
    >> one of those listed below..."
    >>
    >> Well, don't do that. It takes 60 seconds on a Pentium 4
    >> computer, to "fix" an ISO so it has the correct MD5SUM.
    >
    > Go on then, produce a second well-formed ISO image that hashes to e71a2aad8b58605e906dbea444dc4983.
    >
    > Or if you’d prefer to work with a smaller first preimage:
    >
    > $ cat /etc/motd
    >
    > The programs included with the Debian GNU/Linux system are free software;
    > the exact distribution terms for each program are described in the
    > individual files in /usr/share/doc/*/copyright.
    >
    > Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    > permitted by applicable law.
    > $ md5sum /etc/motd
    > 9830e3dbb6a828f2cc824db8db0ceaf7 /etc/motd
    >
    > Clock’s ticking!
    >
    >> MD5 is compromised, and is no good for this purpose.
    >
    > MD5’s collision resistance is well known to be completely broken, but
    > this application does not depend on collision resistance.
    >
    > It’s certainly somewhat disappointing to see it still used in 2016, but that’s no excuse for spreading FUD.


    So you're saying, if I take the Mint ISO, modify it,
    then adjust a portion of the ISO that doesn't matter
    to the function of the installation or operation,
    so the MD5 is the same as the official release,
    it doesn't matter ?

    Perhaps I misunderstand what a checksum is for ?

    Paul

  • From Johnny@21:1/5 to Yrrah on Sun Feb 21 10:22:50 2016
    XPost: alt.os.linux.mint

    On Sun, 21 Feb 2016 14:19:56 +0100
    Yrrah <Yrrah-aolm@aolm.invalid> wrote:

    > Johnny <johnny@invalid.net>:
    >
    >> This would be a good time for Cinnamon users to try Douane Firewall.
    >>
    >> https://github.com/Douane/Douane/wiki/Compilation
    >
    > I would if there were a compiled download or better a PPA or better
    > still, if it were in the Mint or Ubuntu repos.
    >
    > Yrrah


    Maybe after this, they will add it to the repositories.

    I have to admit, it's hard to get the Douane firewall working, and I
    imagine most people just gave up.

    It's amazing that someone smart enough to write a program like this,
    can't properly explain how to install it, and get it working.

    The first problem you run into during the manual installation is when
    you are told to start the service with sudo service douane start.

    Once you start the service, you have blocked access to the Internet,
    and can't complete the rest of the installation, until you open a
    terminal and enter the command sudo service douane stop.

    Once you have completed the installation, you will find Douane is not
    listed in the Menu. You have to open the Menu Editor, and add it
    manually.

    I added it to Accessories, named it Douane, and added the start
    command: douane-configurator. Then I went to ~/Douane, found the icon
    to use.

    After all this, when you open the configurator and start the Douane
    firewall, you will find that you get no dialog box asking which
    programs you want to allow to access the Internet. You are just
    blocked from Internet access.

    Then you have to go to ~/Douane/douane-configurator/douane,
    you have to make autostart.py, dbus.py, and __init__.py executable.

    Then when you start the firewall, and then start Firefox, you will get
    a dialog box asking if you want to allow Firefox to access the Internet.

  • From Yrrah@21:1/5 to All on Sun Feb 21 17:44:55 2016
    XPost: alt.os.linux.mint

    Johnny <johnny@invalid.net>:

    >>> This would be a good time for Cinnamon users to try Douane Firewall.

    >> I would if there were a compiled download or better a PPA or better
    >> still, if it were in the Mint or Ubuntu repos.

    > Maybe after this, they will add it to the repositories.
    >
    > I have to admit, it's hard to get the Douane firewall working, and I
    > imagine most people just gave up.

    (useful info deleted)

    Thanks for the info. I think the author needs help. I know far too
    little about the matter, so I can't be of assistance.

    Yrrah

  • From Yrrah@21:1/5 to All on Sun Feb 21 17:40:01 2016
    XPost: alt.os.linux.mint

    bleak_fire_ <penachew@yomomma.hot.invalid>:

    > "Beware of hacked ISOs if you downloaded Linux Mint on February 20th!"

    TARFU. Also: <http://news.softpedia.com/news/linux-mint-forums-completely-compromised-users-need-to-change-their-passwords-500724.shtml>

    Yrrah

  • From Caver1@21:1/5 to Yrrah on Sun Feb 21 11:58:02 2016
    XPost: alt.os.linux.mint

    On 02/21/2016 11:44 AM, Yrrah wrote:
    > Johnny <johnny@invalid.net>:
    >
    >>>> This would be a good time for Cinnamon users to try Douane Firewall.
    >
    >>> I would if there were a compiled download or better a PPA or better
    >>> still, if it were in the Mint or Ubuntu repos.
    >
    >> Maybe after this, they will add it to the repositories.
    >>
    >> I have to admit, it's hard to get the Douane firewall working, and I
    >> imagine most people just gave up.
    >
    > (useful info deleted)
    >
    > Thanks for the info. I think the author needs help. I know far too
    > little about the matter, so I can't be of assistance.
    >
    > Yrrah


    I have yet to be able to successfully configure Douane.

    --
    Caver1

  • From Paul@21:1/5 to All on Sun Feb 21 08:43:15 2016
    XPost: alt.os.linux.mint

    bleak_fire_ wrote:
    > http://blog.linuxmint.com/?p=2994
    >
    > Quotes:
    >
    > "Beware of hacked ISOs if you downloaded Linux Mint on February 20th!"

    http://www.ghacks.net/2016/02/21/linux-mint-hacked-iso-images-compromised/

    "If you run Linux, use the command md5sum nameofiso.iso, e.g.

    md5sum linuxmint-17.3-cinnamon-64bit.iso

    The ISO image is clean if the signature matches
    one of those listed below..."

    Well, don't do that. It takes 60 seconds on a Pentium 4
    computer, to "fix" an ISO so it has the correct MD5SUM.
    MD5 is compromised, and is no good for this purpose.
    SHA1 is better than MD5, in that if a compromise exists,
    it can't be done on a P4 in 60 seconds.

    This article reviews the usefulness of MD5.

    https://en.wikipedia.org/wiki/Md5

    SHA1 has a security rating of "yellow". MD5 has
    a security rating of "red". The change-over to SHA-2
    (SHA256) for https certificates, has a rating
    of "green". If a mirror of the Mint site provides
    a SHA1 checksum file, that might be good enough for
    detecting script kiddie changes, but a nation state
    with a supercomputer might be able to fake a correct
    SHA1 as well.

    https://en.wikipedia.org/wiki/Sha1

    It might be better to just throw the ISO image away,
    and download again, when a safe source is known.

    *******

    http://mirror.csclub.uwaterloo.ca/linuxmint//stable/17.3/

    linuxmint-17.3-cinnamon-32bit.iso           30-Nov-2015 10:14    1G
    linuxmint-17.3-cinnamon-64bit.iso           28-Nov-2015 18:18    1G
    linuxmint-17.3-cinnamon-nocodecs-32bit.iso  30-Nov-2015 21:06    1G
    linuxmint-17.3-cinnamon-nocodecs-64bit.iso  30-Nov-2015 18:10    1G
    linuxmint-17.3-cinnamon-oem-64bit.iso       01-Dec-2015 09:31    2G
    linuxmint-17.3-kde-32bit.iso                05-Jan-2016 22:57    2G
    linuxmint-17.3-kde-64bit.iso                05-Jan-2016 21:26    2G
    linuxmint-17.3-mate-32bit.iso               30-Nov-2015 10:31    1G
    linuxmint-17.3-mate-64bit.iso               28-Nov-2015 18:19    2G
    linuxmint-17.3-mate-nocodecs-32bit.iso      01-Dec-2015 02:43    1G
    linuxmint-17.3-mate-nocodecs-64bit.iso      01-Dec-2015 01:01    2G
    linuxmint-17.3-mate-oem-64bit.iso           01-Dec-2015 10:42    2G
    linuxmint-17.3-xfce-32bit.iso               05-Jan-2016 16:41    1G
    linuxmint-17.3-xfce-64bit.iso               05-Jan-2016 15:48    1G
    md5sum.txt                                  06-Jan-2016 16:00   958
    sha256sum.txt                               06-Jan-2016 16:03  1406  <---
    sha256sum.txt.gpg                           06-Jan-2016 16:09   181

    So some SHA256 checksums are available.
    Now, try and find a working utility to do that :-)
    I usually end up collecting source code for these
    checksum programs, just because of the deficiencies
    I find in some of them. One "suite" I downloaded,
    it actually failed some test cases I ran against it,
    which didn't exactly build my confidence in publicly
    available code. Failing a test case isn't the worst
    thing in the world, since it means the program isn't
    going to be validating any downloads on you and effectively
    claiming they are good downloads. It would basically
    reject everything you'd downloaded.

    And if you haven't "embraced the hex", it's 2016, say hello
    to the hexadecimal number system :-)

    Have fun,
    Paul
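
The check discussed in this thread, written out as an added example (not code from any poster or from the Linux Mint project): it runs known-answer test cases against its own SHA-256 routine first, as Paul describes doing with downloaded checksum tools, then compares a file against a list in `sha256sum.txt` format. The function names are hypothetical, and the list is assumed to have been authenticated separately.

```python
import hashlib
import hmac
import io
import os
import re

# Known-answer vectors: the empty message and the FIPS 180 "abc" vector.
KNOWN_ANSWERS = {
    b"": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    b"abc": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}
# sha256sum line: 64 hex digits, a space, ' ' (text) or '*' (binary), the name.
SUM_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def sha256_stream(handle, chunk_size=1 << 20):
    """Hash in chunks so a multi-gigabyte ISO never has to fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: handle.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def self_test():
    """Check the hashing routine against known answers before trusting it."""
    return all(sha256_stream(io.BytesIO(msg), chunk_size=2) == want
               for msg, want in KNOWN_ANSWERS.items())

def parse_sums(text):
    """Map file name -> lowercase digest; a malformed line is an error."""
    sums = {}
    for number, line in enumerate(text.splitlines(), 1):
        match = SUM_LINE.match(line)
        if line.strip() and match is None:
            raise ValueError(f"line {number}: not a sha256sum entry")
        if match:
            sums[match.group(2)] = match.group(1).lower()
    return sums

def verify(path, sums_text):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    if not self_test():
        raise RuntimeError("SHA-256 self-test failed; do not trust results")
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    with open(path, "rb") as handle:
        actual = sha256_stream(handle)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"
```

A match only shows that the file agrees with the list, so the list has to come from a source the intruder could not edit; the `sha256sum.txt.gpg` signature file in the mirror listing above exists for that purpose.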
