Pale Moon: Data breach on the archive server

therube
Ambassador
Posts: 7426
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA


Post by therube » Wed Jul 10, 2019 5:17 pm

Data breach on the archive server (archive.palemoon.org)
There has been a data breach on the (convenience) archive server where an attempt was made to sabotage our project by infecting all archived Pale Moon executables present on the server at the time of the breach with malware.

The archive server has been shut down until a secure alternative is available.
Original post:
Virus or Trojan on archive.palemoon.org ?

Data breach post-mortem


Most of the versions of Pale Moon come with accompanying .sig files (pgp signatures) which you can use to verify that the files are not tampered with or changed in any way.
Apart from the period where code-signing was not used due to unavailability at reasonable cost for Open Source development, binaries have also been code-signed, which can be checked through a right-click -> properties -> tab "Digital Signatures". If this tab is missing, then the binary is either not signed or has been modified from its original.
Later versions of the archived executables also come with a SHA256 hash in the accompanying file "hashes.txt". You can verify the integrity that way, too.
That kind of stuff is there for a reason, so should not be dismissed, ignored - simply because you're getting your download from a "trusted" source.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.5

barbaz
Senior Member
Posts: 9178
Joined: Sat Aug 03, 2013 5:45 pm

Re: Pale Moon: Data breach on the archive server

Post by barbaz » Wed Jul 10, 2019 5:38 pm

According to the VirusTotal link, ClamAV doesn't detect this malware

Is there a signature I can add to ClamAV that would catch it? I have a couple old Pale Moon binaries which I don't remember where I got them, I don't think it was archive.palemoon.org but I'm not 100% sure, so I'd like to check to make sure they were not infected by this breach.
*Always* check the changelogs BEFORE updating that important software!

Post by therube » Wed Jul 10, 2019 7:36 pm

Generate a hash on your end, then send it to VirusTotal (I mean Google ;-)).

This is what I sent up for (what on my end I call), "Palemoon-Portable-26.5.0.Atom.WinXP (XP).exe.7z" (which is clean).
https://www.virustotal.com/gui/file/240 ... /detection
(SHA256 hash is in the URL.)


So plug the hash you generate in, & see what VT finds on it.


"Palemoon-Portable-28.2.2.win64.exe.7z" (clean)
https://www.virustotal.com/gui/file/fe2 ... /detection

Post by therube » Wed Jul 10, 2019 7:44 pm

@Moonchild
(While archive.palemoon.org is down, & .sig & "Digital Signatures" methods aside), do you have a listing of known good hashes that you could post so others questioning the validity of files they may have on hand can check against?

Post by therube » Thu Jul 11, 2019 12:11 am

SHA256 hashes to check against, https://pastebin.com/Lp27meQe.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
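
Added example, not part of the thread and not Pale Moon's own tooling: one way to check local files against a known-good SHA256 list such as the "hashes.txt" mentioned above. The list format (sha256sum-style `<hash>  <file name>` lines) and all file names are assumptions, and the sample data is constructed. Matching is done by hash first, so a local copy saved under a different name is still recognised.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed list format (sha256sum style): "<64 hex chars>  <file name>" per line.
LINE_RE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+?)\s*$")

def parse_hash_list(text):
    """Return {lowercase sha256 hex: published file name}; other lines are skipped."""
    known = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            known[m.group(1).lower()] = m.group(2)
    return known

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_file(path, known):
    """Classify one local file against the known-good list."""
    actual = sha256_file(path)
    if actual in known:                        # content is listed, whatever the local name
        return "MATCH", known[actual]
    if Path(path).name in known.values():      # listed name, but the content differs
        return "MISMATCH", actual
    return "UNLISTED", actual                  # not covered by the list: proves nothing

def demo():
    """Run the three cases on constructed sample data (not real installers)."""
    sha = lambda data: hashlib.sha256(data).hexdigest()
    known = parse_hash_list(f"{sha(b'clean A')}  setup-a.exe\n{sha(b'clean B')}  setup-b.exe\n")
    samples = {"renamed-copy.exe": b"clean A",    # listed content, local name differs
               "setup-b.exe": b"modified B",      # listed name, different content
               "unknown.exe": b"something else"}  # in neither column of the list
    with tempfile.TemporaryDirectory() as tmp:
        results = []
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
            results.append(check_file(Path(tmp, name), known)[0])
    return results

if __name__ == "__main__":
    print(demo())
```

A MATCH is only as trustworthy as the list itself, so the list should come from a channel separate from the server the binaries were downloaded from.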


Post by barbaz » Thu Jul 11, 2019 12:24 am

Thanks therube! SHA256 hashes of my binaries match what's in that file.

Post by therube » Thu Jul 11, 2019 3:09 am

(Ditto all my archived versions.)

Post by barbaz » Fri Jul 12, 2019 3:35 pm
