[TriLUG] Linux Mint Site Hacked

John Vaughters via TriLUG trilug at trilug.org
Mon Feb 22 13:25:47 EST 2016


> If anything, this was more an attack on the users rather than the OS... 
Very true, but let's think like a Crack Head.
Continuous stream software upgraded right after compiled or source loaded and compiled by the user. Does anyone REALLY check for back doors? Given a large enough user base, would it be so difficult to hide some code that could eventually get root access, stay hidden and create a stealth backdoor? That once penetrated to the concentration level needed could be part of a large network of compromised computers ready to do many types of attacks. If the distribution was large enough and the software was popular enough, you could launch the attack and start doing damage within hours and who really cares if it is noticed and shut down, it's too late. Damage was done.

A few years ago, 7 perhaps, Yahoo was shut down with denial of service attacks. So yes it is not an attack on the OS, but an attack nonetheless. Many Windows attacks are also user instigated. Probably the number one issue for all viruses is User instigated. But they can be just as dangerous. My Kids, mostly adults now, used to be the biggest source of virus attacks at my house, so much so they were all nicknamed after viruses at some point. Messages from ISPs to shut down rogue spam servers, Backdoors galore, ransom software. Yes, all Windows, but User instigated. Thankfully through removal of Windows and kids that can learn. I am done being a virus super hero. How much you learn from fighting viruses. Only once did I get beat by a ransom software that had to be re-imaged. I am still irritated I lost that battle. Not because I lost anything, but because they beat me. Changed the registry to not even allow safe mode and many other nasty system changes. There was only one reason I lost this battle, I did not have registry change logging. I got the same virus on a machine that had registry change logging and I was able to roll back everything. What a disaster. Too many gory details and a lost weekend to boot. Oops!!!!! Tangent. OK, you get it, I'm still angry.

Linux is not immune to bad users, the Crack Heads have just not focused on it because the numbers do not pan out. I did have one process on a Fedora box that was cranking up my home WAN to the max and I never did identify what the traffic was, but I shut the process down and wiped it from the disk. I still have no idea how it got there. That is quite honestly the only POSSIBLE attack I have ever seen on a Linux box, but I cannot be sure if it was just a bad process mode or an actual attack. Linux immunity is primarily due to undesirable numbers of bad users that make the Crack Heads not spend their time. 

My preference is still slow development CentOS and Red Hat. But my world is server land and properly implemented Linux is still by far your best bet, but not immune. Nothing is immune. We all get the occasional Heartbleed, and sometimes we get BASHed. Sorry for the Puns `,~)
John Vaughters




  

