Linux Mint security breach cause for much discussion.

The recent security breach on the Linux Mint website shows how important it is to update a WordPress website regularly. The breach allowed attackers to compromise the Mint website and change the download links to point to Linux Mint ISO images that contained extra files. People using these ISOs would therefore have been using a sub-standard installation of Linux Mint. One problem is the use of MD5 signatures to identify the ISO images as legitimate; something like SHA would be far superior. Another obvious point is that a WordPress site must be updated as soon as a new version or patch comes out; do not wait to be compromised. MD5 is vulnerable: it is possible to create two different files with the same signature. It would therefore be possible to swap an ISO on a server with a new one and still have the same MD5 signature by using an MD5 collision. It is better to use SHA-256 or SHA-512, which are recommended hashing algorithms for securely signing files to be sent online.
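As an added example (not from the original post or the Linux Mint project), this Python script checks a downloaded ISO against a sha256sum-format checksum file and rejects MD5-length entries. The script name verify_iso.py and the function names are hypothetical, and the checksum file is assumed to come from a source other than the page that served the download.

```python
import hashlib
import hmac
import os
import re
import sys

# One sha256sum-style line: 64 hex digits, a space, ' ' (text) or '*' (binary), file name.
_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def parse_sums(text):
    """Return {filename: digest}; reject any line that is not a SHA-256 entry."""
    sums = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = _LINE.match(line)
        if m is None:  # e.g. a 32-hex-digit MD5 line
            raise ValueError(f"line {lineno}: not a SHA-256 entry")
        sums[m.group(2)] = m.group(1).lower()
    return sums


def sha256_file(path, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so a multi-gigabyte ISO is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_iso(path, name, sums_text):
    """True only if `name` is listed in sums_text and the file at `path` matches."""
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        raise KeyError(f"{name} is not listed in the checksum file")
    return hmac.compare_digest(sha256_file(path), expected)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify_iso.py IMAGE.iso sha256sum.txt")
    with open(sys.argv[2]) as f:
        ok = verify_iso(sys.argv[1], os.path.basename(sys.argv[1]), f.read())
    print("OK" if ok else "MISMATCH: do not install this image")
    sys.exit(0 if ok else 1)
```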

The Linux distributions such as Linux Mint, its parent distribution Debian and Ubuntu are secure, but the hosting services that provide these distributions need to take security more seriously. Performing a security audit on your website with tools such as Nikto or hiring a penetration tester to test the security of your website software would be the most important method of identifying vulnerabilities and taking care of them. I cannot believe that Clem is still using MD5 hashing. Is he still living in 2002? He really needs to move into 2016 if he is to be taken seriously. That is why I am running Debian 8.1 on my laptop instead of Mint. It is more like traditional Linux and I can still install the MATE desktop environment and have a nice GUI environment. So, website security is very important, and it must be maintained by the administrator every day. Always check your website for software updates on the management panel and install these updates straight away.

Here is a link to a paper explaining more: http://www.win.tue.nl/~bdeweger/CollidingCertificates/ddl-full.pdf. This is an interesting method for exploiting a site that still uses such an outdated method of digitally signing files. Everyone should have moved on by now. Need more reasons to move away from MD5 hashing?

https://www.kb.cert.org/vuls/id/836068.

I still love running Linux though. Installing the 4.5 kernel was fun; I downloaded the source from kernel.org and built it on my Debian laptop. After booting into the new kernel, I now have a nice shiny 4.5 vanilla kernel. The only problem was that after building and installing the kernel and running this command to prepare the source for installation into /usr/src:

sudo make clean prepare

and then copying the source tree to /usr/src, it could not find the kernel source when trying to run VMware.

The solution was updating the symlinks in /lib/modules/ to point to the new location of the kernel source.

~# ls -ilhu /lib/modules/4.5.0-rc3-john/
total 3.7M
20578375 lrwxrwxrwx  1 root root   22 Feb 21 22:49 build -> /usr/src/linux-4.5-rc3
20578764 drwxr-xr-x 11 root root 4.0K Feb 22 09:26 kernel
20579300 drwxr-xr-x  2 root root 4.0K Feb 22 09:26 misc
20579307 -rw-r--r--  1 root root 922K Feb 22 09:27 modules.alias
20579308 -rw-r--r--  1 root root 884K Feb 22 09:27 modules.alias.bin
20581278 -rw-r--r--  1 root root 3.4K Feb 22 09:27 modules.builtin
20579312 -rw-r--r--  1 root root 4.8K Feb 22 09:27 modules.builtin.bin
20579305 -rw-r--r--  1 root root 354K Feb 22 09:27 modules.dep
20579306 -rw-r--r--  1 root root 486K Feb 22 09:27 modules.dep.bin
20579313 -rw-r--r--  1 root root  402 Feb 22 09:27 modules.devname
20581272 -rw-r--r--  1 root root 115K Feb 22 09:26 modules.order
20579309 -rw-r--r--  1 root root  176 Feb 22 09:27 modules.softdep
20579310 -rw-r--r--  1 root root 429K Feb 22 09:27 modules.symbols
20579311 -rw-r--r--  1 root root 533K Feb 22 09:27 modules.symbols.bin
20578598 lrwxrwxrwx  1 root root   22 Feb 21 22:49 source -> /usr/src/linux-4.5-rc3

So, this is one thing to check if the kernel installation does not allow the compilation of drivers against the running kernel.
