Virus or Trojan on archive.palemoon.org ?
Moderators: FranklinDM, Lootyhoof
-
- Board Warrior
- Posts: 1651
- Joined: 2018-06-08, 17:02
Re: Virus or Trojan on archive.palemoon.org ?
Thank you (sha256) .
-
- Board Warrior
- Posts: 1878
- Joined: 2015-09-30, 23:02
- Location: uk.
Re: Virus or Trojan on archive.palemoon.org ?
https://www.ghacks.net/2019/07/11/pale- ... nt-4416928
Hornets have already started stinging in this thread sadly.
user of multiple puppy linuxes..upup,fossapup.scpup,xenialpup.....
Pale moon 29.4.1
Re: Virus or Trojan on archive.palemoon.org ?
Well there is nothing that can be done except make damn sure nothing like this happens again. I am not gonna read the comments though.
I am sure we will see it referenced for years to come on every piece of Pale Moon post on ghacks ever.
-
- Knows the dark side
- Posts: 5174
- Joined: 2011-10-03, 10:19
- Location: Piney Woods of Southeast Texas, USA
Re: Virus or Trojan on archive.palemoon.org ?
I have never used the archive server. I've always used the main distribution channels. I also don't use the internal updater to go from an older version of Pale Moon to the newest version of Pale Moon. I always uninstall (in Windows 7) the previous version and then install the newest version. Takes me all of three minutes of time, but I prefer this method over the internal updater (in Windows 7).
In Windows 7, I'm always using the main distribution channel and in my case the Americas, I also put the previous and newest versions of Pale Moon on three thumb/flash drives in the event if I have to go back to a previous version, I've got it. I use my thumb/flash drives for this instead of the archive server. And I've been using this method since the year 2011.
I do a slightly different method for linux Pale Moon since in my linux Mint (Xfce), my linux Pale Moon is never installed. I run linux Pale Moon from the executable file and I create the linux Pale Moon launcher icon. So in linux Pale Moon the previous version of the linux Pale Moon tarball is saved to those three thumb/flash drives as well.
Would this "hack" of the archive server make me quit using Pale Moon? The simple answer is "No". Speaking just for myself; Pale Moon is easy to customize and I prefer Pale Moon over Chrome, Firefox, Brave, Vivaldi and Opera when it comes to choosing a default browser.
And I will close by saying I'm not a power user in either Linux or Windows 7.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
-
- Pale Moon guru
- Posts: 35647
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Virus or Trojan on archive.palemoon.org ?
I'm wearing my scale mail suit today and have made sure to seal all obvious hornet-sized openings.
Of course the fanbois are trying to make more of a stink out of it than it should be. And of course they will continue to reference it because oh noes, we're not perfect. Heck, the reason this happened to begin with is not even because we did anything wrong, but because an assumed-safe environment provided by a third party turned out not to be.
I'll draw an analogy for all the people who missed the details of the situation:
Compare it to living in an apartment building. You assume your apartment is safe because the door locks, and you always make sure to lock it and keep the key safely in your pocket. The building has a more secure entrance with a door that can't possibly be breached/picked open.
Now imagine having a break-in from either one of your fellow tenants because the lock on your apartment door is busted or crappy, or the landlord who just lets himself in with the master key. Whose fault would that be? Yours or the landlord's (in both cases)?
To continue the analogy: I've moved out of the building as a result, and will move to a building where I have known and trusted the landlord for many years.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Board Warrior
- Posts: 1651
- Joined: 2018-06-08, 17:02
Re: Virus or Trojan on archive.palemoon.org ?
"Hornets have already started stinging in this thread sadly."
The article was very well written & balanced.
Likewise, I too will simply ignore the comments.
-
- Board Warrior
- Posts: 1325
- Joined: 2015-09-08, 22:54
- Location: 127.0.0.1
Re: Virus or Trojan on archive.palemoon.org ?
The only other thing I can think of is using a Windows server. (Honestly though, plenty of people use Windows servers connected to the internet without a problem, so I doubt that the choice of OS was a factor here.)
Who was the previous VPS provider for the archive server?
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story
-
- Pale Moon guru
- Posts: 35647
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Virus or Trojan on archive.palemoon.org ?
I already stated that in my report: Frantech/BuyVM
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Board Warrior
- Posts: 1411
- Joined: 2019-05-20, 20:07
- Location: New England
Re: Virus or Trojan on archive.palemoon.org ?
@Moonchild:
So, in other words, sometimes your flat falls flat?
-
- Moon Magic practitioner
- Posts: 2986
- Joined: 2015-09-26, 04:51
- Location: U.S.
Re: Virus or Trojan on archive.palemoon.org ?
Moonchild, thank you for providing the list of hashes, and thanks to therube for requesting them.
Would you consider adding a link to the list on pastebin to the Data breach post-mortem, under "How do I verify my downloaded files are clean?" - that's where people who don't already know the location of the list would most likely look for such information.
Update: It seems the link has been added. Thank you, Moonchild.
Re: Virus or Trojan on archive.palemoon.org ?
Thinking about the infection date in 12.17 it came to my mind that I've downloaded 14 of the portable .exe's on the hash list end of March this year!
I've definitely worked with 7 of them within April several days.
I have win10 with active defender, there was never any occurrence nor with malwarebytes monthly scans since then.
All this leads me to think, the timestamp was manipulated as well and the infection was actually later than March this year.
Does all this make sense?
-
- Add-ons Team
- Posts: 582
- Joined: 2017-01-14, 02:40
- Location: Philippines
Re: Virus or Trojan on archive.palemoon.org ?
I also have the same suspicion as yours. I downloaded a few older portables last year while preserving the modified time from the server:
Palemoon-Portable-20.0.1.exe, modified: 08/01/2015 11:08:50 AM, downloaded: 11/19/2018, 8:49:37 PM
Palemoon-Portable-26.5.0.win32.exe, modified: 09/28/2016 12:01:28 PM, downloaded: 09/05/2018 4:44:52 PM
Palemoon-Portable-27.5.0.win32.exe, modified: 09/30/2017 2:29:10 PM, downloaded: 08/26/2018 7:40:33 PM
-
- Pale Moon guru
- Posts: 35647
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Virus or Trojan on archive.palemoon.org ?
Thanks for that. I'll update the report accordingly.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Board Warrior
- Posts: 1325
- Joined: 2015-09-08, 22:54
- Location: 127.0.0.1
Re: Virus or Trojan on archive.palemoon.org ?
Wow, that's much better news than previously. Thanks for the update!
Edit: I commented about the update on the ghacks article about the hack. Hopefully it got submitted correctly and Martin updates the article. It probably won't shut up the comment hyenas, though.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story
Re: Virus or Trojan on archive.palemoon.org ?
This is exactly why I check all hashes if provided for a download and then scan it at Virus Total.
Should have rolled AWS S3. But it's your ship.
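An added example, not part of the original post or of the Pale Moon project's tooling: checking a folder of downloaded installers against a published SHA-256 list, the check several posts in this thread describe. It assumes the list holds known-good hashes in `sha256sum` format (`<hash>  <filename>`); the function names and the demo file names and contents are constructed.

```python
import hashlib
from pathlib import Path

def parse_hash_list(text):
    """Parse sha256sum-style lines: <64 hex chars> <whitespace> [*]<filename>."""
    known = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line
        digest, name = parts[0].lower(), parts[1].strip().lstrip("*")
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            known[name] = digest
    return known

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit(directory, known):
    """Return {filename: 'ok' | 'MISMATCH' | 'unlisted'} for every .exe in directory."""
    results = {}
    for path in sorted(Path(directory).glob("*.exe")):
        expected = known.get(path.name)
        if expected is None:
            results[path.name] = "unlisted"   # the list cannot vouch for this file
        elif sha256_file(path) == expected:
            results[path.name] = "ok"
        else:
            results[path.name] = "MISMATCH"   # differs from the published hash: do not run it
    return results

if __name__ == "__main__":
    import tempfile
    # Constructed demo: two small files standing in for installers, one altered after publication.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "clean.exe").write_bytes(b"original build")
        (Path(d) / "altered.exe").write_bytes(b"original build, modified")
        good = hashlib.sha256(b"original build").hexdigest()
        listing = f"{good}  clean.exe\n{good}  altered.exe\n"
        for name, status in audit(d, parse_hash_list(listing)).items():
            print(f"{status:9} {name}")
```

A file reported as `unlisted` is neither confirmed nor cleared; only a match against a list obtained from a channel other than the compromised server says anything about integrity.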
Re: Virus or Trojan on archive.palemoon.org ?
What are the chances the main update server that the built-in update facility in the browser itself gets infected next?
Re: Virus or Trojan on archive.palemoon.org ?
Unless it is top down as in someone controlling the node or even higher as in the datacenter itself... None. They are secure linux servers. This kind of thing that happened required a specific set of circumstances and events that shall not be allowed to happen again.
If there was a lesson to be learned, and I am not saying there is, rest assured it was learned very well.
Last edited by New Tobin Paradigm on 2019-07-12, 14:28, edited 2 times in total.
-
- Pale Moon guru
- Posts: 35647
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Virus or Trojan on archive.palemoon.org ?
I'm pretty sure I already explained why not. Do you have some vested interest in Amazon getting money from us on a volume-based service that can be abused in other ways?
F22 Simpilot wrote: ↑2019-07-12, 14:13
What are the chances the main update server that the built-in update facility in the browser itself gets infected next?
Pretty much zero.
Tell me though... are you now having trust issues with everything we do all of a sudden? Because it seems like you're blowing this way out of proportion.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Board Warrior
- Posts: 1411
- Joined: 2019-05-20, 20:07
- Location: New England
-
- Hobby Astronomer
- Posts: 25
- Joined: 2019-03-02, 08:44
Re: Virus or Trojan on archive.palemoon.org ?
A big thank you to everyone that has worked to get this resolved... I was not personally affected since I did not download old versions off the archive server, but a swift response nonetheless.