Pale Moon: Data breach on the archive server

Post by therube »

Data breach on the archive server (archive.palemoon.org)
There has been a data breach on the (convenience) archive server where an attempt was made to sabotage our project by infecting all archived Pale Moon executables present on the server at the time of the breach with malware.

The archive server has been shut down until a secure alternative is available.
Original post:
Virus or Trojan on archive.palemoon.org ?

Data breach post-mortem


Most of the versions of Pale Moon come with accompanying .sig files (pgp signatures) which you can use to verify that the files are not tampered with or changed in any way.
Apart from the period where code-signing was not used due to unavailability at reasonable cost for Open Source development, binaries have also been code-signed; which can be checked through a right-click -> properties -> tab "Digital Signatures". If this tab is missing, then the binary is either not signed or has been modified from its original.
Later versions of the archived executables also come with a SHA256 hash in the accompanying file "hashes.txt". You can verify the integrity that way, too.
That kind of stuff is there for a reason, so should not be dismissed, ignored - simply because you're getting your download from a "trusted" source.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 SeaMonkey/2.49.5

Post by barbaz »

According to the VirusTotal link, ClamAV doesn't detect this malware.

Is there a signature I can add to ClamAV that would catch it? I have a couple old Pale Moon binaries which I don't remember where I got them, I don't think it was archive.palemoon.org but I'm not 100% sure, so I'd like to check to make sure they were not infected by this breach.
*Always* check the changelogs BEFORE updating that important software!

Post by therube »

Generate a hash on your end, then send it to VirusTotal (I mean Google ;-)).

This is what I sent up for (what on my end I call), "Palemoon-Portable-26.5.0.Atom.WinXP (XP).exe.7z" (which is clean).
https://www.virustotal.com/gui/file/240 ... /detection
(SHA256 hash is in the URL.)


So plug the hash you generate in, & see what VT finds on it.


"Palemoon-Portable-28.2.2.win64.exe.7z" (clean)
https://www.virustotal.com/gui/file/fe2 ... /detection

Post by therube »

@Moonchild
(While archive.palemoon.org is down, & .sig & "Digital Signatures" methods aside), do you have a listing of known good hashes that you could post so others questioning the validity of files they may have on hand can check against?

Post by therube »

SHA256 hashes to check against, https://pastebin.com/Lp27meQe.

Post by barbaz »

Thanks therube! SHA256 hashes of my binaries match what's in that file.

Post by therube »

(Ditto all my archived versions.)
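
The check discussed in this thread (hash the local file, compare it with a list of known-good SHA256 values) as an added example that is not part of the original posts or the Pale Moon project. It assumes a sha256sum-style list layout ("digest, whitespace, file name"), which the thread does not show; the file names and bytes are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed list layout (sha256sum style): "<64 hex chars>  <file name>"
LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+?)\s*$")

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_hash_list(text):
    """Return {digest: name}; lines that are not a hash entry are skipped."""
    known = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            known[m.group(1).lower()] = m.group(2)
    return known

def check(path, known):
    """Match on the digest, not the name: local copies are often renamed."""
    digest = sha256_file(path)
    if digest in known:
        return "known-good", known[digest]
    if Path(path).name in known.values():
        return "MISMATCH", Path(path).name  # listed name, different content
    return "unlisted", None

def demo():
    """Constructed sample: placeholder bytes, not real Pale Moon builds."""
    good = b"constructed stand-in for an original installer"
    listing = "# constructed list\n%s  palemoon-example.exe\n" % hashlib.sha256(good).hexdigest()
    known = parse_hash_list(listing)
    files = {"renamed copy (XP).exe": good,
             "palemoon-example.exe": good + b"appended bytes",
             "other.exe": b"unrelated"}
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            p = Path(d, name)
            p.write_bytes(data)
            out[name] = check(p, known)
    return out
```

A "known-good" verdict is only as trustworthy as the place the list came from: a list stored on the same server as the binaries is not an independent check, which is where the .sig files and code signatures mentioned in the first post come in.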