Backdoor

[kc1di]

This page maybe illuminating :

Chinese hackers target Linux with new WolfsBane malware

A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group.

www.bleepingcomputer.com

 

[Aristarchus]

Software. I'm running Qubes on my old laptop. Not really smooth but it feels secure. It's hard to believe that checksums are compromised.

There is this very popular distro that has really weird approach to the security. In 2011 someone hacked official distro site and manipulated isos and checksums links. In effect hundreds of people downloaded backdoored isos that checked against checksums also dowloaded from the same site. Eventually person who hacked distro site had a pity on distro users and publicly disclosed what happened otherwise this situation would go on for who knows long time (this is ridiculous but maintainer did not learn much from the mishap and site was hacked few times more).

And yes, Qubes is the only (relatively) secure OS although not Linux. Not counting read only kiosks.

 

[linux_pi]

There is this very popular distro that has really weird approach to the security. In 2011 someone hacked official distro site and manipulated isos and checksums links. In effect hundreds of people downloaded backdoored isos that checked against checksums also dowloaded from the same site. Eventually person who hacked distro site had a pity on distro users and publicly disclosed what happened otherwise this situation would go on for who knows long time (this is ridiculous but maintainer did lot learn much from the mishap and site was hacked few times more).

And yes, Qubes is the only (relatively) secure OS although not Linux. Not counting read only kiosks.

Oh. I've heard of many stories like this one. Are you talking about Mint? It's kinda scary that due to the distro's security issues can lead to your issues directly related to your information and computer. When I was burning the iso file of Kali, I found many backdoors in the iso file itself. However, I'm not sure why it wasn't recognized earlier when I downloaded it.

 

[MikeRocor]

I don't know if it counts as a "back door" - really more of a "front door", I suppose - but whenever I install linux on my personal machines, one of the first orders of business is to setup sshd with key authentication. Mind you, none of these machines are currently directly accessible from the internet (mainly because my ISP sucks). Remote access has helped me out of tight spots occasionally:

I have one little netbook that I can't stop the screen from blanking after some length of idle time. But, about half the time, the GUI crashes when I go to wake it up. If I'm at home when this happens, I can log in from another PC and restart X. (Alas, I'm usually not at home so I have to be careful to not let it be idle.)

If the power goes out, I have a nice big UPS - but not so big that I can have every system's monitor on it. But I can log in via ssh and shut each box down at least semi gracefully. I have one old server that is headless to start with - that's the one that prompted me to learn how to set the whole mess up correctly in the first place.