• [deleted]

My name is Mark Yates and I am new and glad to be here. There is however no time for chit chat right now. I highly suspect that our beloved Solus OS ISO has been compromised. I noticed oddly enough that my 1 way hash was shown to be an SHA1 Hash post install after I started having similar issues as English Bob was having.

Please check his channel to see what I'm referring to. It's titled Solus Issues or something to that effect. I just wanted to alert you guys. Please do follow up with me on this soon if possible. This is huge.

I've a lot more to say and I hope to get SwitchedtoLinux Tom to talk about my experience with what I believe is the hidden wasp or a variant of it that has gotten into the Solus ISO and most likely many other popular distros. Is it okay if I post a link to a security article detailing the malware for other professionals like myself to examine?

Mod Edit: Formatting

    [deleted] I noticed oddly enough that my 1 way hash was shown to be an SHA1 Hash post install after I started having similar issues as English Bob was having.

    What exactly does this mean?

      I have verified all of our ISOs according to their SHA256 hash and they have not been altered on our primary mirror.

      I cannot find the video that you are referring to. I do not appreciate you making claims like this without providing sufficient evidence to back them up.

      I'm also seeing absolutely no evidence of this. All the ISOs have identical sizes, modification dates, etc. The only thing that changed was months ago I updated the SIGN files with a renewed GPG / PGP key, and that doesn't change the ISOs themselves.

      Where's the evidence?

      Furthermore, I need proof that you are who you say you are. So far all I can tell is that you are hiding behind a protonmail email address.

      [deleted]

      I've a lot more to say and I hope to get SwitchedtoLinux Tom to talk about my experience with what I believe is the hidden wasp or a variant of it that has gotten into the Solus ISO

      So you're going around telling people there's been a compromise, without actually providing evidence of it?

      I noticed oddly enough that my 1 way hash was shown to be an SHA1 Hash post install after I started having similar issues as English Bob was having.

      That isn't actually possible unless you're explicitly running the wrong command. Our sha256sum is generated by literally running sha256sum <filename>.iso, and to generate the sha256sum file itself I'm doing sha256sum <filename.iso> > <filename>.iso.sha256sum. The sign files are generated using GPG. I validated that these signed files available on our server are provided by us and generated by my key, which has not been compromised, as such signage requires:

      1. You'd need my desktop's GNOME keyring and to unlock it. Which means physical access to my desktop. Which means being in my home.
      2. You would need my physical Yubikey as well as actually knowing the prefixed part of the password to unlock the keyring and the GPG agent, the latter being something I only know.
      3. Building on points #1 and #2, I'd know if someone broke into my house.
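The verification described in the post above, written out as an added example that is not code from the Solus project or from anyone in this thread. It assumes the sums file has the layout `sha256sum <filename>.iso > <filename>.iso.sha256sum` produces (digest, whitespace, filename), uses a constructed stand-in file instead of a real ISO, and refuses to "verify" when the digest in the sums file is 40 hex characters long (a SHA-1 length) rather than the 64 a SHA-256 digest has, which is the situation the thread is arguing about. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not Solus project code: verify a downloaded ISO against its
# .sha256sum file and sanity-check the digest length first, so that a SHA-1
# sized value (40 hex chars) is never silently accepted as a SHA-256 (64).

# Classify a hex digest by its length: 40 -> sha1, 64 -> sha256, else unknown.
digest_kind() {
    case "$1" in *[!0-9a-fA-F]*|"") echo unknown; return ;; esac
    case "${#1}" in
        40) echo sha1 ;;
        64) echo sha256 ;;
        *)  echo unknown ;;
    esac
}

# verify_iso <iso> <sums-file>
# Exit status: 0 digest matches, 1 digest differs, 2 sums file is not SHA-256.
verify_iso() {
    iso=$1; sums=$2
    expected=$(awk 'NR==1 {print $1}' "$sums")
    kind=$(digest_kind "$expected")
    if [ "$kind" != sha256 ]; then
        echo "refusing: '$sums' does not carry a SHA-256 digest (got: $kind)" >&2
        return 2
    fi
    actual=$(sha256sum "$iso" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $iso matches $sums"
        return 0
    fi
    echo "MISMATCH: $iso does not match $sums" >&2
    return 1
}

# demo_verify: runs the three cases on a constructed file and prints the
# three exit statuses ("0 1 2" when everything behaves as intended).
demo_verify() {
    dir=$(mktemp -d)
    # Constructed stand-in for an ISO; the content itself is irrelevant.
    printf 'constructed sample ISO payload\n' > "$dir/Solus.iso"
    ( cd "$dir" && sha256sum Solus.iso > Solus.iso.sha256sum )

    r1=0; verify_iso "$dir/Solus.iso" "$dir/Solus.iso.sha256sum" >/dev/null 2>&1 || r1=$?

    # Tamper with the image: the digest must now differ.
    printf 'tampered\n' >> "$dir/Solus.iso"
    r2=0; verify_iso "$dir/Solus.iso" "$dir/Solus.iso.sha256sum" >/dev/null 2>&1 || r2=$?

    # A sums file that actually holds a SHA-1 digest is rejected outright.
    sha1sum "$dir/Solus.iso" > "$dir/Solus.iso.sha256sum"
    r3=0; verify_iso "$dir/Solus.iso" "$dir/Solus.iso.sha256sum" >/dev/null 2>&1 || r3=$?

    rm -rf "$dir"
    echo "$r1 $r2 $r3"
}
```

Run `demo_verify` to see the three statuses, or call `verify_iso Solus.iso Solus.iso.sha256sum` on a real download. The digest check only proves the image matches the sums file; to know the sums file itself came from the project, the detached `.sign` file still has to be checked with `gpg --verify` against the project's published key before the digest is trusted.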

        Nothing like a little FUD late in the evening to warm our hearts.

        Also, people who are just a little bit serious contact those responsible via appropriate channels instead of posting on a forum saying something like "please check this guy's channel and search for something named like this or something similar to see what I am talking about"!

          Wow Kyrios, I had never noticed that (probably because I'd never wanted to use it). Good to know it's there though.

          Cursory research reveals English Bob is a y'tuber w/4800 subs, and one year ago he released a video about Solus called "Solus/Linux Security Blah Blah" (I forgot the rest). One can see Doherty barking at him in the comments like the old days🙂
          Anyway, I will bet an entire paycheck, without watching the vid, that rootkits never came up...you think someone would know by now, eh?

          My 2 cents? This thread-posting brought to you 100% by a concerned competitor who views Solus as a threat.....
          (you see this in business all the time)

            brent Let's be civil please. As far as I can tell Mark is just a concerned citizen who doesn't understand that he brought this to our attention poorly and most likely doesn't have the technical background or evidence to make such a claim.

              brent Well just remember that this is the internet and it is easy to think the worst of people when they aren't right in front of you.

                DataDrake You know how the fake reviews (good or bad) on Yelp are so easy to spot? That's what this reminded me of. You are right, of course, character aspersion comes into play in the delicate art of calling someone out...(will refrain in the future). Sorry to steer it off-topic.

                • [deleted]

                I did have proof that I had the hidden wasp or another variant of the Chinese malware but I did not document it because I did not have time. I stay pretty busy with my work as an IT Professional. The symptoms I experienced scream malware over my nearly decade of experience.

                Please, with all due respect, you need not cop an attitude. Please simply address the issue like a responsible developer. I told people that I'm sure you guys would handle it and to be sure to verify their ISOs. Would you like to help me resolve my issues so that on a reinstall of Solus this does not happen again?

                I left a symptoms list below. I apologize for the delay in responding as I've been dealing with this. I am actually now having similar quirkiness in Peppermint 10 OS. I am beginning to think it's an issue affecting a wide range of very popular distros based on my research.

                Symptoms:

                Opening Files with other File Contents and not changing to the current file being opened.
                Dropping of browsers and downloads at random.
                Core System Files modified containing ld.so
                RKHunter revealing a warning showing 3 possible rootkits

                  • [deleted]

                  brent brent please leave the discussion if you're not interested in contributing to a fix. I am an IT services professional. I've nothing but love and appreciation for the Solus OS Project. This was not written to malign anyone. It's a very real and significant issue.

                  I am working with someone to resolve my issues. I will have content on this so you might want to watch how you portray yourself, especially if you're a member of the team, because that reflects on how people see the distro.

                    • [deleted]

                    DataDrake Your passive aggressive behavior is quite comical. What is your technical competency that's going to be necessary to help me resolve this issue?