Linux Mint website hacked, hackers replace ISOs with modified versions planted with a backdoor
46 replies, posted
[QUOTE=subenji99;49797409]Anyone that thinks Linux is secure needs reminding that Android is on top of a linux kernel. Linux based OS variants absolutely can have viruses and absolutely can be exploited for root access.[/QUOTE]
Android is heavily reliant on Java, and Java is only 1-upped in malware attack vectors by flash.
It's almost a miracle it's as secure as it is.
Also malware creators love to especially target arrogant and tech illiterate people, just check out the explosion in OSX and iOS malware.
Desktop Linux gets most of its security from the fact that no one [I]bothers[/I] to write viruses for it given the low market share and relative tech-savviness of its userbase, the diversity of used systems (it's already moderately hard to build software for Linux desktops that users [I]want[/I] to run and will work on anything with only one binary and configuration). It doesn't have much to do with its code quality or security model - apart from the fact that most Linux systems have reasonable privilege separation (rather than everything running as admin).
[QUOTE=Van-man;49797638]Android is heavily reliant on Java, and Java is only 1-upped in malware attack vectors by flash.[/QUOTE]
Neither the Java language nor the standard library specification are particularly insecure. The vulnerabilities are always in Oracle's reference implementation, which Android doesn't use.
Nobody is saying linux is immune to viruses, no system is. Its just not particularly easy or fruitful to do so. Its why frankly, I don't want windows to "lose" to linux. I want windows to stay on top right where it is. I still want linux to [I]improve,[/I] and I want linux to become a viable do-anything platform, but I don't want it to become king. Let windows take that crown and thus, the brunt of the malware developed.
Remember when apple claimed OS-X didn't have viruses and a shitload of macs were, at the time, infected with malware.
Good times.
[QUOTE=Matthew0505;49797487]The kernel security doesn't help when apps are coded in Java, or when there's a clusterfuck of manufacturers giving updates 2 years late.[/QUOTE]
[QUOTE=Van-man;49797638]Android is heavily reliant on Java, and Java is only 1-upped in malware attack vectors by flash.
It's almost a miracle it's as secure as it is.
Also malware creators love to especially target arrogant and tech illiterate people, just check out the explosion in OSX and iOS malware.[/QUOTE]
You should look into how Android phones are rooted before making assumptions. Nothing to do with Java, including either Dalvik or ART. Low-level bootloaders are reverse engineered, Chroot jails are broken, protected read only partitions are written to, system binaries are exploited. The Java environment is generally tougher to break due to some heavy duty sandboxing - most attack vectors in that direction are manipulating the end user to install from unknown sources and then grant the malware permissions.
[QUOTE=subenji99;49798886]You should look into how Android phones are rooted before making assumptions. Nothing to do with Java, including either Dalvik or ART. Low-level bootloaders are reverse engineered, Chroot jails are broken, protected read only partitions are written to, system binaries are exploited. The Java environment is generally tougher to break due to some heavy duty sandboxing - most attack vectors in that direction are manipulating the end user to install from unknown sources and then grant the malware permissions.[/QUOTE]If you have access to hardware you can hack mostly anything, that is not how most viruses are acquired.
[QUOTE=subenji99;49798886]You should look into how Android phones are rooted before making assumptions. Nothing to do with Java, including either Dalvik or ART. Low-level bootloaders are reverse engineered, Chroot jails are broken, protected read only partitions are written to, system binaries are exploited. The Java environment is generally tougher to break due to some heavy duty sandboxing - most attack vectors in that direction are manipulating the end user to install from unknown sources and then grant the malware permissions.[/QUOTE]
I'm not even talking about achieving root, rather exploiting a minor general flaw combined with usual 'social engineering' a end-user who isn't the brightest.
Clearly neither of you have dealt with any serious malicious Android malware.
The first thing it tries to do is get root.
If it does that, it'll lodge itself in the system and recovery partitions and you best hope you know someone who can clean wipe and reflash the whole phone from stock images.
So root exploits are important, especially on a malware standpoint. Even when the target is your average facebook addict.
Lotta rehashing of old conversations in this thread...
Seriously though, if you're going to download any Linux distro, do it via torrent. This saves on donated/paid bandwidth and also prevents host exploits on potentially ancient/weakly-constructed sites from affecting you as well.
[QUOTE=Flussmann;49801756]Lotta rehashing of old conversations in this thread...
Seriously though, if you're going to download any Linux distro, do it via torrent. This saves on donated/paid bandwidth and also prevents host exploits on potentially ancient/weakly-constructed sites from affecting you as well.[/QUOTE]
Also, from my experience, its usually faster than the hosted sites anyway. I only use them if torrents aren't an option, like work.
[QUOTE=Flussmann;49801756]Lotta rehashing of old conversations in this thread...
Seriously though, if you're going to download any Linux distro, do it via torrent. This saves on donated/paid bandwidth and also prevents host exploits on potentially ancient/weakly-constructed sites from affecting you as well.[/QUOTE]
MODS MODS MODS
[sp]jk, well as long as its not redhat[/sp]
[QUOTE=Flussmann;49801756]Lotta rehashing of old conversations in this thread...
Seriously though, if you're going to download any Linux distro, do it via torrent. This saves on donated/paid bandwidth and also prevents host exploits on potentially ancient/weakly-constructed sites from affecting you as well.[/QUOTE]
It also helps with crappy internet connections as you can easily resume if your connection breaks. I wish more sites used torrents to deliver goods.
[QUOTE=Flussmann;49801756]Lotta rehashing of old conversations in this thread...
Seriously though, if you're going to download any Linux distro, do it via torrent. This saves on donated/paid bandwidth and also prevents host exploits on potentially ancient/weakly-constructed sites from affecting you as well.[/QUOTE]
They could've just as easily replaced the torrent files/magnet links.
[QUOTE=DrTaxi;49802268]They could've just as easily replaced the torrent files/magnet links.[/QUOTE]
They'd need seedboxes and lots of zombie seeders/leechers to not look suspicious.
Sorry, you need to Log In to post a reply to this thread.