

Did you also download Linux Mint on February 20th? You may have been infected!
Linux Mint is one of the best-known and most popular distros available today, but if you downloaded and installed the operating system recently, you may have done so using a malicious ISO image.
Here’s why:
Last night, an unknown hacker or group of hackers managed to break into the Linux Mint website and manipulate the download links so that they pointed to a server of their own, offering a malicious ISO image of Linux Mint 17.3 Cinnamon Edition.

“Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it,” the head of Linux Mint project Clement Lefebvre said in a surprising announcement dated February 21, 2016.

Who is affected?

As far as the Linux Mint team knows, the issue affects only one edition: Linux Mint 17.3 Cinnamon.
The compromise happened last night, so it only impacts people who downloaded that edition on February 20th.
If you downloaded the Cinnamon edition before Saturday, February 20th, the issue does not affect you. Nor does it affect you if you downloaded a different edition, or if you obtained Mint 17.3 Cinnamon via torrent or a direct HTTP link.

What Happened?

The hackers are believed to have accessed the underlying server via the team’s WordPress blog and then obtained shell access as the www-data user.
From there, they manipulated the Linux Mint download page so that it pointed to a malicious FTP (File Transfer Protocol) server hosted in Bulgaria (IP: ), the investigating team discovered.
The infected ISO images installed the complete OS together with the IRC (Internet Relay Chat) backdoor Tsunami, giving the attackers access to the system via IRC servers.
Tsunami is a well-known Linux ELF trojan: a simple IRC bot used for launching Distributed Denial of Service (DDoS) attacks.

Hackers Re-gained Access to Linux Mint Website

The Linux Mint team discovered the hack, quickly cleaned up the links on their website and announced the breach on their official blog, but it then appears that the hackers compromised the download page again.
Knowing that it had not yet eliminated the hackers’ exact point of entry, the Linux Mint team took the entire linuxmint.com domain offline to prevent the malicious ISO images from spreading to its users.
The official Linux Mint website remains offline until the team has fully investigated the issue. The hackers’ motive behind the attack is not yet clear.

“What we don’t know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this,” Lefebvre added.

Hackers Selling Linux Mint Full Website’s Database Online for $85

The hackers are selling the full Linux Mint website database for just $85, which itself suggests a lack of sophistication.
The hack appears to be the work of script kiddies or an inexperienced group: they chose to infect a top-shelf Linux distro with a simple IRC bot that was already considered outdated in early 2010. A more capable group would likely have used more dangerous malware, such as banking Trojans.
Also, even after the hack was initially discovered, the hackers re-compromised the site, which again points to a lack of experience.

Here’s What You Can Do

Users who have the ISO image can verify its checksum to make sure it is genuine.
To check for an infected download, compare the MD5 checksum of your ISO against the official values included in Lefebvre’s blog post.
If it turns out to be infected, users are advised to follow these steps:
  • Take the computer offline.
  • Back up all your personal data.
  • Reinstall the operating system (with a clean ISO) or format the partition.
  • Change passwords for sensitive websites and email accounts.
You can read the full details about the hack here. The official website is not accessible at the time of writing. We’ll update the story when we hear more.
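The checksum comparison described above, as an added example in Python that is not part of the original post or of the Linux Mint project: it hashes a file in chunks, compares the result against an expected value, and exercises itself on constructed sample files. The file contents, the "tampered" image and the reference digests of the empty file are constructed or well-known constants; real reference values must come from the project's own signed checksum list, never from the download page itself, which is exactly what was tampered with in this incident.

```python
"""Added example (not from the original post): verify a downloaded ISO
against a published checksum before installing it."""
import hashlib
import hmac
import os
import tempfile

# Read in 1 MiB chunks so a multi-GB ISO never has to fit in memory.
_CHUNK = 1024 * 1024


def digest_file(path, algo="md5"):
    """Return the hex digest of the file at `path` using `algo` (md5, sha256, ...)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(_CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_hex, algo="md5"):
    """True if the file's digest matches `expected_hex` (case-insensitive).

    hmac.compare_digest is not strictly needed for a local file check, but a
    constant-time comparison is the habit worth keeping for any digest."""
    actual = digest_file(path, algo)
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def demo():
    """Self-contained demonstration on constructed files (no real ISO needed).

    Returns a dict of results so the behaviour can be checked programmatically."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "clean.iso")
        tampered = os.path.join(tmp, "tampered.iso")
        # Constructed "ISO" contents: the empty file has a well-known MD5/SHA-256,
        # the second file stands in for a modified image.
        open(clean, "wb").close()
        with open(tampered, "wb") as f:
            f.write(b"constructed payload that differs from the published image\n")

        # Reference digests of the empty file (known constants).
        md5_empty = "d41d8cd98f00b204e9800998ecf8427e"
        sha256_empty = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

        results["md5_of_clean"] = digest_file(clean, "md5")
        results["clean_matches_md5"] = verify_download(clean, md5_empty, "md5")
        results["clean_matches_sha256"] = verify_download(clean, sha256_empty, "sha256")
        # Upper-case hex copied from a blog post or mail should still verify.
        results["case_insensitive"] = verify_download(clean, md5_empty.upper(), "md5")
        # A modified image must fail against the published value.
        results["tampered_matches_md5"] = verify_download(tampered, md5_empty, "md5")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For a real download, call `verify_download("/path/to/downloaded.iso", "<md5 from Lefebvre's post>")`. MD5 is adequate for detecting an accidental or unsophisticated swap like this one, but it is collision-weak, so prefer a SHA-256 value whenever the project publishes one, and verify the GPG signature on the checksum list before trusting any of the values in it.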

Linux skills are in hot demand, even as Linux server revenue evaporates into “Other.”

According to a new Dice report, the Linux job market remains sizzling hot. Nearly every single hiring manager surveyed (97%) expects to hire more Linux talent relative to other skills areas in the next six months.

In fact, Linux jobs growth outpaces Linux server growth.

While IDC pegs Linux server market share at 28.5% in early 2014, a climb of 4.5% over the previous year, market share doesn’t tell the whole story behind Linux jobs growth. To understand the continued rise in demand for Linux professionals, it’s important to look beyond revenue-based market share.

Demand, meet supply

According to the joint survey conducted by Dice and the Linux Foundation, virtually everyone wants to hire Linux professionals. And not just a smattering of hires here and there: 50% of those surveyed indicate that they expect to hire even more Linux pros in 2015 than they did in 2014.

(The last time the Linux Foundation released numbers, 77% of hiring managers wanted to find Linux talent in 2014, up from 70% in 2013.)

Demand has reached a fever pitch, making it hard to find and retain qualified people. As the report notes:

  • Hiring managers are still struggling to find professionals with Linux skills, with 88% reporting that it’s “very difficult” or “somewhat difficult” to find these candidates.
  • 70% of hiring managers say their companies have increased incentives to retain Linux talent, with 37% offering more flexible work hours and telecommuting, and 36% increasing salaries for Linux pros more than in other parts of the company.

Small wonder, then, that 55% of Linux professionals believe it will be “very easy” or “fairly easy” to score a new job in 2015.

All of this demand for Linux talent is set against the backdrop of continued battles between Microsoft Windows and Linux for market share. Here, Microsoft continues to dominate, claiming 45.7% of factory revenue in early 2014 by IDC estimates. Paid Linux servers, as mentioned, accounted for 28.5% of the total market.

Which doesn’t tell the full story, of course.

A new kind of server vendor

As ever, counting vendor revenue understates the true impact of Linux (and other open source offerings). The biggest growth driver in the server market is the cloud, but it’s revenue that doesn’t readily show up on vendors’ income statements.

For example, Facebook, Amazon, or Google may purchase from whitebox server vendors in Taiwan, but are they buying Linux servers? Not really. They’re buying servers and then provisioning them according to their precise specifications.

I’m not sure IDC and others have a way of accounting for such shipments, despite their huge impact on the market (and on Linux jobs). We can count the number of motherboard shipments (9.3 million shipments in 2014) from ODMs, and we can assume that most of these will end up as Linux servers (at places like Facebook and Twitter), but they’re not going to count toward IDC’s revenue-based market share numbers, and they don’t really count toward any measure of Linux vs. Windows market share I’ve seen.

And yet they’re hugely important, and becoming more so every day.

Important, in part, because they’re having a deflationary impact on name-brand server sales, even as they expand the need for Linux talent. As ZDNet’s Larry Dignan describes:

“The cloud ultimately means fewer servers to sell. Virtualization means even fewer boxes sold. The cloud service providers are going white box with contract equipment manufacturers. Sure, integrated systems from the likes of Cisco are doing well, but that’s a higher end market that isn’t likely to scale.”

Ultimately, the global server market is Linux’s to lose, regardless of what revenue breakdowns suggest.

Linux in the cloud

According to Gartner data, server veterans like IBM and HP continue to slide as the Amazons of the world dump the name brands and build with “Other” vendors (ODMs/OEMs in Asia-Pacific). These so-called “whitebox” vendors that make up the “Other” category now account for 44% of all server shipments and 26.7% of revenue.

These “Other” vendors are selling Linux jobs, even if they’re not always selling Linux servers (at least, as measured by paid Linux distributions like Red Hat Enterprise Linux).

Not surprisingly, 49% of Linux professionals believe open cloud will be the biggest growth area for Linux in 2015, according to the Dice report. While these Linux pros are thinking about OpenStack and CloudStack when they make that prophecy, the reality is more subtle.

The cloud is eating the traditional server vendor. In the future, it’s very likely that we’ll talk more than ever about the crushing need for Linux expertise in the job market, without there being much of a paid Linux server market to speak of.

A critical vulnerability in glibc, a core Linux library, can be exploited remotely through WordPress and likely other PHP applications to compromise Web servers.

The buffer overflow vulnerability, dubbed Ghost, was reported Tuesday by researchers from security vendor Qualys. It is identified as CVE-2015-0235 in the Common Vulnerabilities and Exposures database.

The bug is located in the gethostbyname*() functions of the glibc (GNU C Library) version 2.17 and older. It was fixed in glibc-2.18, released in May 2013, but it wasn’t flagged as a security vulnerability at the time.

As a result, some Linux distributions, especially those developed for long-term support, did not backport the patch and were still using vulnerable glibc versions when the Qualys researchers identified the security implications of the bug during a code audit.

The buffer overflow in glibc was found in the __nss_hostname_digits_dots() function, which is called by the gethostbyname*() functions. PHP applications such as WordPress also use the gethostbyname() function wrapper, which expands the scope of the vulnerability even as Linux distributions roll out patches.

“An example of where this could be a big issue is within WordPress itself: it uses a function named wp_http_validate_url() to validate every pingback’s post URL,” wrote Sucuri researcher Marc-Alexandre Montpas in an advisory published Wednesday. “And it does so by using gethostbyname(). So an attacker could leverage this vector to insert a malicious URL that would trigger a buffer overflow bug, server-side, potentially allowing him to gain privileges on the server.”

So far, the only proof-of-concept has been built against the Exim mail transfer agent (MTA). Experts agree that any such exploit would have to clear some significant hurdles.

“The exploitation depends on being able to convince a program to perform a DNS lookup of a host name provided by the attacker,” said researcher Michal Zalewski. “The lookup has to be done in a very particular way and must lack a couple of commonly-employed (but certainly not mandatory) sanity checks.”

The vulnerability affects glibc 2.2 through 2.17. It was patched in May 2013, but because the patch was not labeled a security fix it may not have been widely deployed. Several other mitigations have been made public. Exim, clockdiff, procmail and pppd have been identified as vulnerable to Ghost exploits.

“This is a very critical vulnerability and should be treated as such,” Montpas said. “If you have a dedicated server or VPN running Linux, you have to make sure you update it right away.”

Montpas provided a one-line PHP test that admins can run in a server terminal; if it produces a segmentation fault, the server’s glibc is vulnerable to Ghost:

php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);'
Segmentation fault
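The “commonly-employed sanity checks” Zalewski mentions are the kind of input validation an application can apply before handing a user-supplied name to the resolver. The following is an added example in Python, not code from the original article nor from Sucuri or Qualys: it validates a hostname against the usual DNS syntax limits (253 characters overall, 63 per label, letters, digits and hyphens only) before resolving it, and so rejects the 2500-digit string from Montpas’ test. The injectable `resolver` argument is an assumption introduced so the check can be exercised without network access. This is a defence-in-depth measure for application code, not a substitute for updating glibc and rebooting.

```python
"""Added example (not from the original article): validate a hostname before
passing it to gethostbyname(), so overlong or malformed names never reach the
resolver. Application-level mitigation only; patch glibc regardless."""
import re
import socket

MAX_HOSTNAME = 253   # RFC 1035/1123 limit on a fully qualified name
MAX_LABEL = 63       # per-label limit

# A label: alphanumerics, internal hyphens allowed, no leading/trailing hyphen.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_safe_hostname(name):
    """Return True only if `name` looks like a syntactically valid DNS name.

    Numeric labels are allowed (IPv4 literals like 10.0.0.1 are legitimate
    input to gethostbyname), so what stops the Ghost probe string is the
    length limit, not the character set."""
    if not isinstance(name, str) or not name:
        return False
    if name.endswith("."):          # a single trailing dot marks an absolute name
        name = name[:-1]
    if not name or len(name) > MAX_HOSTNAME:
        return False
    labels = name.split(".")
    return all(len(lbl) <= MAX_LABEL and _LABEL_RE.match(lbl) for lbl in labels)


def ghost_probe_string(length=2500):
    """The all-digit string from Montpas' test, built the same way ("0" repeated)."""
    return "0" * length


def resolve_guarded(name, resolver=socket.gethostbyname):
    """Resolve `name` only after it passes validation; return None if rejected.

    `resolver` is injectable (an assumption for this example) so the logic can
    be tested without DNS access; production code keeps the default."""
    if not is_safe_hostname(name):
        return None
    return resolver(name)


if __name__ == "__main__":
    # Constructed resolver so this runs offline; real code uses socket.gethostbyname.
    fake = lambda n: "192.0.2.1"
    print("www.example.com ->", resolve_guarded("www.example.com", fake))
    print("ghost probe     ->", resolve_guarded(ghost_probe_string(), fake))
```

In a WordPress-style pingback handler the equivalent check would sit in front of the `gethostbyname()` call on the submitted URL's host component; a name that fails validation is simply refused rather than resolved.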

Patching Ghost on Linux systems should be more straightforward than the Bash vulnerability that affected Linux, UNIX and Mac OS X systems last fall: experts suggest that applying the patches from the respective Linux distributions, followed by a system reboot, should take care of the issue. So far, Debian 7, Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7 and Ubuntu 12.04 were found running vulnerable versions of glibc; all have released updates.

“To be clear, this is NOT the end of the Internet as we know it, nor is it another Heartbleed. In a general sense, it’s not likely to be an easy bug to exploit,” said Rapid7 CSO and Metasploit creator HD Moore. “Still, it could potentially be nasty if exploited so we strongly recommend immediate patching and rebooting.  Without a reboot, services using the old library will not be restarted.”

On 12 Oct, the notorious Syrian Electronic Army (SEA) posted an interesting tweet.

Soon.. #SEANux: A Linux distribution by the Syrian Electronic Army. #SEA

If you haven’t been following the antics of the SEA, they’re the group of hackers who have made headlines many times in the last year or so with some fairly basic phishing attacks against media organisations and others who have earned their wrath.

Many Linux distributions are offered free of charge on the Internet by companies, non-commercial organizations and individuals alike, and now the notorious Syrian Electronic Army (SEA) has announced its own Linux distribution, known as SEANux.

A Linux distribution is a coordinated collection of software consisting of a customized version of the kernel together with hundreds of open source (i.e., free) utilities, installers, programming languages and application programs. Some of the most popular distributions are Fedora (formerly Red Hat), SuSE, Debian, Ubuntu, Kali Linux, Tails OS and Mint Linux.

SEA (Syrian Electronic Army)
The hackers, who claim to be supporters of the Assad regime in Syria, made a name for themselves by snaffling ownership of the social media accounts of various media outlets including The Guardian, ITV, The Telegraph, the Washington Post, Viber, Skype, PayPal, Thomson Reuters and, most recently, Forbes, amongst many others.

Which raises the obvious question. If the SEA can be taken seriously with their tweet (and that is a fair question, as it’s quite possible that they are pulling people’s legs), then would you *ever* trust an operating system released by them?

After all, they’ve proven themselves to be untrustworthy and downright criminal with their past antics – so it wouldn’t be a momentous surprise if any software they did release came complete with a few backdoors or, failing that, some privacy-compromising “bugs”.

For now, consider me skeptical of SEANux. After all, back in early 2012 the so-called AnonymousOS was released, a purported new operating system from the Anonymous collective – only to reportedly be found ridden with trojan horses.

And while we’re on the subject of who should we trust, let’s not forget this. Back in January visitors to the Syrian Electronic Army’s own website saw some unusual messages, after Turkish hackers used an SEA-like trick to deface it with their own messages.

We expect “SEANux” to be a mixture of Tails and Kali Linux, with lots of pre-installed hacking and privacy tools. But I would doubt the integrity of this new operating system from the SEA until the infosec community has given it a clean bill of health after its release.
It wouldn’t be a shock if SEANux came with a few backdoors or some privacy-compromising malware hidden in it. In 2012, the Anonymous collective released an operating system called Anonymous-OS, which was later found to be backdoored.
So we recommend installing this operating system only in a virtual machine, so that your important credentials and data stay on the safe side.
The SEANux slogan says “Power Up.. Your Performance.” The question is what kind of performance they mean: power up your system performance, your hacking skills, or your social engineering tactics (most of their targets have been social media accounts)? For now we can only guess, until they release more details.
Speaking generally, in the infosec community we mainly see three types of operating system distributions:
  • Linux distributions for penetration testing and hacking – such as BackTrack or Kali Linux, which come bundled with a collection of penetration testing and network monitoring tools used to test software privacy and security.
  • Forensic distributions – operating systems that ship with pre-installed digital forensics tools for investigation and security work.
  • Anonymity-oriented distributions – operating systems like Tails, which keep their users’ tracks clear. Tails provides anonymity and privacy, and was reportedly used by the global surveillance whistleblower Edward Snowden in discussions with journalists because it includes a range of tools for protecting your data by means of strong encryption.

Everybody says Linux is secure by default, and that is true to some extent (it is a debatable topic). Linux does ship with a built-in security model, but it needs to be tuned and customized to your needs to produce a more secure system. Linux is harder to manage but offers more flexibility and configuration options.

Securing a production system against hackers and crackers is a challenging task for a system administrator. This is our first article on “How to Secure a Linux Box” or “Hardening a Linux Box”. In this post we’ll explain 25 useful tips and tricks to secure your Linux system. We hope they help you secure your system to some extent.