
Ubuntu ISO Download Not Coming From Expected URL


17 replies to this topic

#1 Guest_hollowface_*

Guest_hollowface_*

  • Guests

Posted 21 April 2016 - 01:42 PM

Is anyone else's Ubuntu ISO coming from "d3f216qdpm0le3.cloudfront.net" (or a similar cloudfront.net URL) instead of the official URL?

 

My Lubuntu ISO came from the official URL, but my Ubuntu ISO is coming from d3f216qdpm0le3.cloudfront.net instead. It's possible that Canonical is using Amazon Cloudfront to help handle all the traffic they are getting, but it's also possible I'm being redirected by a third party. I've paused the download for now.




 


#2 Guest_hollowface_*

Guest_hollowface_*

  • Guests

Posted 21 April 2016 - 01:46 PM

Found an old thread documenting a similar case, http://ubuntuforums.org/showthread.php?t=2301086 , but it's not that reassuring since it suggests the problem is caused by an error.



#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 21 April 2016 - 01:48 PM

Download the .iso and check the hash to see if it's legitimate?...

http://releases.ubuntu.com/xenial/

There's nothing wrong in Canonical using Amazon CloudFront, nor is it suspicious. Also, I downloaded it twice and I didn't encounter any issue while doing so.

Edited by Aura, 21 April 2016 - 01:49 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 Guest_hollowface_*

Guest_hollowface_*

  • Guests

Posted 21 April 2016 - 02:03 PM


Download the .iso and check the hash to see if it's legitimate?

I intend to check the checksum, but I don't like relying solely on them.

 


There's nothing wrong in Canonical using Amazon CloudFront, nor is it suspicious.

I've just never had it happen before when downloading an ISO from them. Unless others can confirm this redirection is in fact by Canonical I will probably abort, and try again in a few days.



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 21 April 2016 - 02:04 PM

Why don't you like checksums? It's one of the best ways to confirm the legitimacy of a file.



#6 Guest_hollowface_*

Guest_hollowface_*

  • Guests

Posted 21 April 2016 - 02:07 PM


Why don't you like checksums?

I do like checksums, but I use them as an indication of purity, not a guarantee. Everyone has their own level of security they feel comfortable with, and I tend to be a bit extra cautious compared to some people.



#7 mremski

mremski

  • Members
  • 498 posts
  • Gender:Male
  • Location:NH
  • Local time:06:31 AM

Posted 21 April 2016 - 02:08 PM

Why don't you like checksums? It's one of the best ways to confirm the legitimacy of a file.

It's the best way to confirm that the bits making up the file produce the same checksum for the same algorithm that you are comparing to.  Hack a website, put up a modified ISO and the appropriate checksum, you can verify that the ISO matches that checksum, you just don't know if either or both are compromised.  That's why hollowface said "...solely on them...".

 

Good practice includes getting the checksum from a different place than you download the file, independent verification, "trust but verify".


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 21 April 2016 - 02:12 PM

So basically you guys are suspecting a massive hack of Ubuntu website.

Sigh, nothing I can do here. I'm out.



#9 Guest_hollowface_*

Guest_hollowface_*

  • Guests

Posted 21 April 2016 - 02:20 PM

So basically you guys are suspecting a massive hack of Ubuntu website.

Sigh, nothing I can do here. I'm out.

 

At this point, no. I'm more just concerned with me personally being man-in-the-middled, and redirected to an unsafe download.

 

That said I wouldn't be surprised if Canonical was attacked, but I'm sure it would be caught pretty quickly by someone using the gpg checksums.



#10 mremski

mremski

  • Members
  • 498 posts
  • Gender:Male
  • Location:NH
  • Local time:06:31 AM

Posted 21 April 2016 - 02:24 PM

So basically you guys are suspecting a massive hack of Ubuntu website.

Sigh, nothing I can do here. I'm out.

:hysterical: 

No, I was simply pointing out that a checksum is a mathematical transform of a bunch of bits into a number. If someone was able to replace the ISO AND provide a checksum that matched that ISO on a single website, then if an unsuspecting user downloaded that ISO from that website and verified the checksum against the one on THAT website, they could have a false sense of security. Hence the good practice of getting the checksum from a different website than you download the ISO from.

 

Yes, it has happened.  Is it common?  No.  But unless at least one or two anal retentive types notice it, no one will.

 

I think you are overreacting, Aura.  Neither the OP nor I suggested that Ubuntu has been hacked, OP noticed something unusual for him, I was simply being more precise on what a checksum actually gives a person.

 

It's likely I'll get in a bit of trouble for this, but really, lighten up.


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer
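The distinction drawn in post #10, as an added example (not code from anyone in the thread): a modified image passes when checked against the checksum list served alongside it, and fails against a list obtained from an independent source. The file name and byte strings are constructed stand-ins for a real ISO and its SHA256SUMS file.

```python
import hashlib
import hmac
import os
import tempfile

def parse_sums(text):
    """Parse SHA256SUMS-style lines: '<hex> *<name>' (binary) or '<hex>  <name>' (text)."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            sums[parts[1].strip().lstrip("*")] = parts[0].lower()
    return sums

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a multi-gigabyte ISO never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, name, sums_text):
    """True only if `name` is listed and the file's digest equals the listed one."""
    expected = parse_sums(sums_text).get(name)
    return expected is not None and hmac.compare_digest(expected, sha256_file(path))

def demo():
    name = "example.iso"                      # constructed file name
    genuine = b"constructed genuine image"    # stands in for the real ISO
    tampered = b"constructed modified image"  # what a compromised host serves
    # Checksum list obtained from an independent source: describes the genuine ISO.
    independent = "%s *%s\n" % (hashlib.sha256(genuine).hexdigest(), name)
    # Checksum list served next to the modified ISO: regenerated to match it.
    same_site = "%s *%s\n" % (hashlib.sha256(tampered).hexdigest(), name)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, name)
        with open(path, "wb") as f:
            f.write(tampered)
        return {"same_site": verify(path, name, same_site),
                "independent": verify(path, name, independent)}

if __name__ == "__main__":
    print(demo())
```

On releases.ubuntu.com the list is published as SHA256SUMS with a detached signature, SHA256SUMS.gpg; checking that signature against a signing key obtained separately is what makes the list itself an independent source.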


#11 Linux_User

Linux_User

  • Members
  • 26 posts

Posted 21 April 2016 - 03:09 PM

Ubuntu have used Amazon's CloudFront content delivery system for some time now to lighten the load on their servers and make sure people aren't left waiting for slow downloads. They generally only do this around a release (when they know there'll be a rush), so nothing to worry about.

 

See here:

https://askubuntu.com/questions/125412/md5-mismatch-on-my-12-04-iso-what-is-going-on



#12 Guest_hollowface_*

Guest_hollowface_*

  • Guests

Posted 21 April 2016 - 03:21 PM

@Linux_User

Thanks for the helpful link. That is the closest I've seen to an official mention.



#13 Linux_User

Linux_User

  • Members
  • 26 posts
  • Local time:07:31 AM

Posted 21 April 2016 - 03:36 PM

Yeah, assuming it was from the real Colin Watson

https://askubuntu.com/users/3228/colin-watson

and

https://wiki.ubuntu.com/ColinWatson

I think it can pretty much be considered about as official as you'll likely get ;)


Edited by Linux_User, 21 April 2016 - 03:37 PM.


#14 Guest_hollowface_*

Guest_hollowface_*

  • Guests

Posted 21 April 2016 - 04:35 PM

While it does sound like this redirection is official, due to the lack of official confirmation, and lack of confirmation by other users, I've decided to delete everything, and download from one of the official third party mirrors that supports HTTPS, but I will wait till tonight to do it.

While this won't necessarily help if Canonical's server was compromised, it will help me feel more confident that I'm not being man-in-the-middled, which is my main concern here.

Thanks all.
 



#15 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,854 posts
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:06:31 AM

Posted 21 April 2016 - 04:38 PM

I got mine via torrent and it's fine





