Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
Firefox in PCLinuxOSFullMonty 2013.04 DVD, purchased from OSDisc.com last year, has 12 plugins. Eleven of the plugins are fake. They are not in list of Firefox plugins on Mozilla's website. ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2014
    Posts
    56

    Fake browser plugins in live linux DVDs


    Firefox in PCLinuxOSFullMonty 2013.04 DVD, purchased from OSDisc.com last year, has 12 plugins. Eleven of the plugins are fake. They are not in list of Firefox plugins on Mozilla's website.

    The only addon that is not take is a java plugin. Java plugins do not belong in linux distros. I doubt the developers of PCLinuxOS FullMonty preinstalled a java plugin.

    PCLinuxOS GNOME 2010.12 also has fake Firefox plugins. All of them are fake. List of plugins and screenshots are in thread on Firefox plugins in badbios subreddit at reddit.

    All five plugins of live TOR DVD (Privatix) are fake. See thread in /r/onions subreddit at reddit. Shortly after downloading Privatix in November 2011, my computers were infected with FOXACID and BadBIOS.

    I will ship my tampered Privatix and two PCLinuxOS DVDs to anyone willing to conduct forensics.

    Could other linux users, especially TOR users and customers of OSDisc.com, examine Firefox plugins in their linux DVDs?
    Last edited by BadBIOSVictim; 05-16-2014 at 04:10 PM.

  2. #2
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    932
    Have you contacted who you got the disc from and if they checked the checksums. Sure they can help you or get you another distro.
    A lion does not lose sleep, over the opinion of sheep.

  3. #3
    Just Joined!
    Join Date
    May 2014
    Posts
    56
    OSDisc.com did not reply to my emails. Subsequently, I ordered other linux DVDs from OSDisc.com. At least two other linux DVDs were tampered.

    Some of the others didn't finish booting: PC-BSD, GhostBSD and Korora KDE.

  4. #4
    Linux Newbie nihili's Avatar
    Join Date
    Dec 2013
    Posts
    145
    about pclinuxos: did it install otherwise?
    if so, i guess that's normal and legal procedure.

    i don't understand why people pay for something that is available for free.
    it seems that by buying it you have submitted yourself to a "commercialised" linux install dvd.

    and what's with the user name? does that have something to do with your current problem?

  5. #5
    Just Joined!
    Join Date
    May 2014
    Posts
    56
    Nihili, I didn't install both PCLinuxOS distros. I booted to them live.

    I purchased DVDs from OSDisc.com because my computers were infected with BadBIOS. BadBIOS infects the burning of DVDs. Also, xfburn, brasero and K3B do not offer feature to finish or seal the burn. Thereby, hackers can remotely burn a multi session on the DVD. The multi session could contain a squashfs or preseed.

  6. #6
    Just Joined!
    Join Date
    May 2014
    Posts
    56
    Intent of tampering linux DVD is to infect and procure data. Replacing a tampered DVD with another tampered DVD is not a solution. Discarding the firmware rootkit infected computers is.

  7. #7
    Just Joined!
    Join Date
    May 2014
    Posts
    56
    Part two is at 'BadBIOS infected linux distros have multiple squashfs, busybox & initrd files' in Security section.

    Part three is at 'BadBios infected German Tor has preseeds' in Security section.

  8. #8
    Linux Newbie nihili's Avatar
    Join Date
    Dec 2013
    Posts
    145
    you know you can also edit your post.
    anyhow this is going OT.

  9. #9
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    932
    It would be nice if you put all this in one thread instead of multiple. Here's your other...

    http://www.linuxforums.org/forum/sec...oot-pwned.html
    A lion does not lose sleep, over the opinion of sheep.

  10. #10
    Just Joined!
    Join Date
    May 2014
    Posts
    56
    Nihili, what do you mean by going OT?

    I posted forensic work in several threads because:

    (1) I performed the forensic work in stages. I didn't plan to continue doing more forensic work. I continued partly because so far no one has volunteered to conduct forensics.

    (2) The threads are long. Combing three threads would be too long.

    (3) Members will be discouraged from commenting if the thread is too long and too many issues are discussed.

    (4) Fake browser plugins are a different category than multiple filesystems.

    (5) Since bartsimpson and xii didn't mention preseed and because preseed thread was a long thread, I posted it separately.

    It took a lot of time to research fake browser plugsin in three linux distros, take screenshots, chose which screenshots to upload, etc. It took a month to research multiple squash, busybox, initrd and preseed files.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •