Security Risks
|
Author | Content |
---|---|
Fettoosh Mar 16, 2012 7:00 PM EDT |
This is getting real serious. Linux download and installation is now so trivial it could become a serious security risk. What prevents some hacker from creating anonymous internet sites and infecting applications with Trojan Horse code to make it available for download? Nothing. Unless the download site is legitimate and genuinely identified with a CA, it shouldn't be trusted. Checksum does help, but I wonder if there is any way to verify sites beforehand? |
tracyanne Mar 16, 2012 7:38 PM EDT |
But Source Forge is supposed to be safe |
gus3 Mar 16, 2012 8:22 PM EDT |
SourceForgery |
Fettoosh Mar 16, 2012 8:43 PM EDT |
According to this, it was downloaded 26,000 times. Scary. http://crismblog.eu/news/the-truth-about-anonymous-os/ |
tracyanne Mar 16, 2012 8:55 PM EDT |
Scary and very interesting. That's 26,000 people downloading something because it's Linux, and a damn obscure, as well as very new one at that. |
Fettoosh Mar 16, 2012 9:31 PM EDT |
Quoting: "But Source Forge is supposed to be safe" Obviously it is not safe at all. One would think they have information about the owner(s)/maintainers of the project. |
JaseP Mar 16, 2012 9:48 PM EDT |
OK,... Anyone downloading something ID'd as coming from Anonymous ... C'mon... Sourceforge is safe... They killed this thing inside of a day... |
Fettoosh Mar 16, 2012 10:37 PM EDT |
Quoting: "C'mon... Sourceforge is safe... They killed this thing inside of a day..." I don't recall downloading any software from Source Forge, ever. But before I declare them safe, I would like to see what checks and safety guards they have in place. Even if it is only a small application, if anyone can create their own project and make it available for download without any identity check, then in my opinion, it is not safe. Remember, Linux requires root password to install apps. If a source can't be trusted or verified, users are better off not downloading from it. |
gus3 Mar 16, 2012 11:15 PM EDT |
Quoting: "Linux requires root password to install apps." Only if you mount /home, /tmp, and /var/tmp with "noexec", and you launch Bash with "-r" for a restricted shell, for good measure. |
Jeff91 Mar 18, 2012 2:01 AM EDT |
I'd think downloading an OS falls into the same line as downloading software for Windows - You need to know and trust the source you are getting the download from - otherwise you are just screwed xD ~Jeff |
flufferbeer Mar 18, 2012 7:44 PM EDT |
pls delete this empty comment! |
flufferbeer Mar 18, 2012 7:47 PM EDT |
@Fettoosh, TAILS is supposed to be a good Linux distro that strongly encourages secure downloading for installation. I don't think it is that popular though. 2c |
skelband Mar 19, 2012 3:26 PM EDT |
One of the issues is likely to be the sheer size of what is on Sourceforge these days. How on earth can anyone police such a massive undertaking? |
Fettoosh Mar 19, 2012 4:17 PM EDT |
Quoting: "How on earth can anyone police such a massive undertaking?" Well first off, they could mandate verifiable registration information from anyone/entity that is planning to offer code for download. 2nd, they could obtain an assurance that the software does not contain any viruses or Trojans. If they violate the terms, legal action could be taken. Checksums could be used to determine whether the infecting code came with the original code or later ingested by someone else. |
caitlyn Mar 19, 2012 9:02 PM EDT |
FWIW, Linux Tracker has now pulled Anonymous OS as well. |