Furthermore, I need proof that you are who you say you are. So far all I can tell is that you are hiding behind a protonmail email address.
Highly Suspected Compromised Solus ISO / Rootkits Post Fresh Install
I've a lot more to say and I hope to get SwitchedtoLinux Tom to talk about my experience with what I believe is the hidden wasp or a variant of it that has gotten into the Solus ISO
So you're going around telling people there's been a compromise, without actually providing evidence of it?
I noticed oddly enough that my 1 way hash was shown to be an SHA1 Hash post install after I started having similar issues as English Bob was having.
That isn't actually possible unless you're explicitly running the wrong command. Our sha256sum is generated by literally running `sha256sum <filename>.iso`, and to generate the sha256sum file itself I'm doing `sha256sum <filename.iso> > <filename>.iso.sha256sum`. The sign files are generated using GPG. I validated that these signed files available on our server are provided by us and generated by my key, which has not been compromised, as such signage requires:
- You'd need my desktop's GNOME keyring and to unlock it. Which means physical access to my desktop. Which means being in my home.
- You would need my physical Yubikey as well as actually knowing the prefixed part of the password to unlock the keyring and the GPG agent, the latter being something I only know.
- Building on point #1 and #2, I'd know if someone broke into my house.
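Added example, not part of the thread and not Solus project code: a download-side check for the scheme described in the post above, which also rejects a published digest whose length is not that of SHA-256 (40 hex characters means SHA-1, 64 means SHA-256). The function names, file names, and the assumption that the detached signature covers the checksum file are illustrative.

```shell
#!/bin/sh
# Added example; names and file layout are assumptions, not from the thread.

# classify_digest HEX: print the hash family implied by the digest length.
classify_digest() {
    case "$1" in
        ""|*[!0-9a-fA-F]*) echo "invalid" ;;
        *) case "${#1}" in
               32)  echo "md5" ;;
               40)  echo "sha1" ;;
               64)  echo "sha256" ;;
               128) echo "sha512" ;;
               *)   echo "unknown" ;;
           esac ;;
    esac
}

# verify_iso ISO SUMFILE [SIGFILE]
# 0 = verified, 1 = digest mismatch, 2 = missing input,
# 3 = published digest is not SHA-256, 4 = signature rejected.
verify_iso() {
    iso=$1; sumfile=$2; sigfile=${3:-}
    [ -r "$iso" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }
    # sha256sum writes "<digest>  <filename>"; the digest is the first field.
    published=$(awk 'NR==1 {print $1}' "$sumfile")
    kind=$(classify_digest "$published")
    if [ "$kind" != "sha256" ]; then
        echo "published digest looks like $kind, expected sha256" >&2
        return 3
    fi
    actual=$(sha256sum "$iso" | awk '{print $1}')
    if [ "$actual" != "$published" ]; then
        echo "digest mismatch for $iso" >&2
        return 1
    fi
    if [ -n "$sigfile" ]; then
        # Assumption: SIGFILE is a detached signature over SUMFILE, and the
        # signer's public key was imported and its fingerprint checked earlier.
        gpg --verify "$sigfile" "$sumfile" || return 4
    fi
    return 0
}

# Stand-alone use: sh verify.sh image.iso image.iso.sha256sum [signature file]
if [ "$#" -ge 2 ]; then verify_iso "$@"; fi
```

A matching digest only shows the download equals what the server published; it is the signature check, against a key fingerprint obtained independently of the download server, that ties the checksum file to the signer.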
Nothing like a little FUD late in the evening to warm our hearts.
Also people who are just a little bit serious contact the responsible via appropriate channels instead of posting on a forum saying something like please check this guy's channel and search for something named like this or something similar to see what I am talking about !
Wow Kyrios, I had never noticed that (probably because I'd never wanted to use it). Good to know it's there though.
Cursory research reveals English Bob is a y'tuber w/4800 subs, and one year ago he released a video about Solus called "Solus/Linux Security Blah Blah" (I forgot the rest). One can see Doherty barking at him in the comments like the old days
Anyway, I will bet an entire paycheck, without watching the vid, that rootkits never came up...you think someone would know by now, eh?
My 2 cents? This thread-posting brought to you 100% by a concerned competitor who views Solus a threat.....
(you see this in business all the time)
[deleted]
I did have proof that I had the hidden wasp or another variant of the Chinese malware but I did not document it because I did not have time. I stay pretty busy with my work as an IT Professional. The symptoms I experienced scream malware over my nearly decade of experience.
Please with all due respect you need not cop an attitude. Please simply address the issue like a responsible developer. I told people that I'm sure you guys would handle it and to be sure to verify their ISOs. Would you like to help me resolve my issues so that on a reinstall of Solus this does not happen again?
I left a symptoms list below. I apologize for the delay in responding as I've been dealing with this. I am actually now having similar quirkiness in Peppermint 10 OS. I am beginning to think it's an issue affecting a wide range of very popular distros based on my research.
Symptoms:
- Opening Files with other File Contents and not changing to the current file being opened.
- Dropping of browsers and downloads at random.
- Core System Files modified containing ld.so
- RKHunter revealing a warning showing 3 possible rootkits
[deleted]
brent brent please leave the discussion if you're not interested in contributing to a fix. I am an IT services professional. I've nothing but love and appreciation for the Solus OS Project. This was not written to malign anyone. It's a very real and significant issue.
I am working with someone to resolve my issues. I will have content on this so you might want to watch how you portray yourself especially if you're a member of the team because that reflects on how people see the distro.
[deleted]
DataDrake Your passive aggressive behavior is quite comical. What is your technical competency that's going to be necessary to help me resolve this issue?
[deleted]
kyrios Thanks for the input I am brand new to the Solus Forum. I can repost there or you guys might move it for me. Now I know so I will do just that going forward with security issues. No distro is perfect but it's just how you respond that matters most.
[deleted]
brent I had the rootkits showing on my earlier install. I'll soon be checking into Peppermint 10 OS as well. I'll be sure to cover my findings in a video soon enough.
Listen I'm not out to do anything but encourage, uplift and make Solus OS respected across the entire world. Look you guys have done a bang up Job. This just needs to be addressed responsibly like anything else.
[deleted]
JoshStrobl That is what it showed when performing an update of my packages list if I remember correctly. I do remember it saying SHA 1 for the 1 way hash in the terminal. If I can get another machine up and running with Solus OS soon I'll be sure to show you my findings. I'm working on pulling a replacement build together.
[deleted]
DataDrake It's not an accusation. It's a support request for a suspected security flaw. If it's not taken seriously then how can I comfortably continue to use and recommend your distribution?
[deleted]
JoshStrobl I didn't realize until after the fact how old the video was which is even more concerning.