Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Discussion Peppermint 7


  • Please log in to reply
22 replies to this topic

#16 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:56 AM

Posted 25 April 2017 - 05:53 AM

You are right any website can be hacked and also so can the SHA256 key if a hacker has the right software and know how with enough determination and persistence.

 

 

 

Yes, especially is the owner of the site doesn't stay on top of things. As I recall, the hacker who released the modified Linux Mint Cinnamon done so on a weekend, so as not to arouse suspicion until caught, and it didn't take long for the Mint team to discover the breach. It would likely take a lot longer than a weekend to modify the SHA256 key then to hack the website, and most likely, would surely get caught again, maybe not the hacker, rather the modified ISO. 

 

While a small distro may not catch it fast, as some works a real job to have a roof over their head & the essentials of life, this would still be reported in short order with a major distro. Someone, maybe a member of the open source community will see that something's not right & report, the issue will be fixed in minutes (any redirected download links) by the large distros. This would be a security issue, and as most all of us long term Linux users knows, are normally fixed once discovered. This is an example of where all of the different distro maintainers puts their differences aside & gets the job done. :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


BC AdBot (Login to Remove)

 


#17 The-Toolman

The-Toolman
  • Topic Starter

  • Members
  • 1,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 AM

Posted 25 April 2017 - 07:44 AM

The larger mainstream flagship Linux distros seem to be the ones that have been compromised in the past as I to this day don't recall any of the small non mainstream spins or flavors of Linux being compromised.

 

Having the SHA256 key is no guarantee that an ISO download is safe and secure and only provides a false sense of security.  :scratchhead:

 

WWW = Risks


"Under certain circumstances, profanity provides a relief denied even to prayer."

(Mark Twain)
 

"Inspiration can be found in a pile of junk. Sometimes, you can put it together with a good imagination and invent something."

(Thomas Edison)


#18 The-Toolman

The-Toolman
  • Topic Starter

  • Members
  • 1,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 AM

Posted 25 April 2017 - 01:29 PM

Hey cat1092'

 

Did you use this to verify your download.

 

https://peppermintos.com/gpg-verification/


"Under certain circumstances, profanity provides a relief denied even to prayer."

(Mark Twain)
 

"Inspiration can be found in a pile of junk. Sometimes, you can put it together with a good imagination and invent something."

(Thomas Edison)


#19 buddy215

buddy215

  • Moderator
  • 13,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:56 AM

Posted 25 April 2017 - 01:54 PM

Cat1092....I just spent some time testing and fixing my download speeds. Turns out I have not been getting the correct speed for 3 or 4 days since a power surge from lightning damaged my modem.

I took the modem to my ISP's office and exchanged it....one advantage of having a small local ISP. I'm now back up to speed. I did try out the Down Them All! years ago and it

had some kinks so I have not used it since. I will try it out again and have installed it in Firefox.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#20 The-Toolman

The-Toolman
  • Topic Starter

  • Members
  • 1,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 AM

Posted 25 April 2017 - 03:42 PM

Hey cat1092,

 

I believe this may be the answer to why nothing matches when you do the SHA256 key check.

 

https://forum.peppermintos.com/index.php/topic,5454.0.html

 

Hopefully this will clear up the differences.

I know it did for someone else I know with the same problem.


"Under certain circumstances, profanity provides a relief denied even to prayer."

(Mark Twain)
 

"Inspiration can be found in a pile of junk. Sometimes, you can put it together with a good imagination and invent something."

(Thomas Edison)


#21 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:56 AM

Posted 26 April 2017 - 02:53 AM

The-Toolman, thanks for that! :)

 

 

 

sha256sum for Peppermint 7 Respin (64 bit):-
ed5a7bac66c45f1fa55f3ba9cc01bd881178b7fc4526763ce8226f333f74e60c

 

Now why could he simply post that on the site om the being? The site owner must have fixed this after I visited the website, was on the same page, and the SHA256 & MD5's weren't shown. Will download again, using Down Them All & if the download complete w/out issue, it passes. :)

 

Like you stated above, it would take a determined attacker to modify it, that would require a very powerful computer, as well as a lot of time to spoof that key. 

 

Success, using Down Them All, I was able to grab both the 32 & 64 bit ISO's, including SHA256 check, just inside of 10 minutes. :thumbsup:

 

Had this Topic not been open, as well as the one in the Topic you posted on their site, this wouldn't had been fixed, as it was the same bookmarked page I went to earlier two nights ago, and the date on there was just a day after I tried downloading. Maybe it was for the best, as PCNetSpec (who used to post here) stated something was wrong with GRUB. At least the community caught his attention! :)

 

https://peppermintos.com/

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#22 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:03:56 AM

Posted 26 April 2017 - 03:43 AM

Cat1092....I just spent some time testing and fixing my download speeds. Turns out I have not been getting the correct speed for 3 or 4 days since a power surge from lightning damaged my modem.

I took the modem to my ISP's office and exchanged it....one advantage of having a small local ISP. I'm now back up to speed. I did try out the Down Them All! years ago and it

had some kinks so I have not used it since. I will try it out again and have installed it in Firefox.

 

buddy215, you may want to give Down Them All a shot again if it's been some time since you last used the download manager. :thumbup2:

 

I began using it back in 2010, when I was a Microsoft TechNet member, because their download manager (Akamai) had way too many wild swings in performance & I have quite a library of these ISO's (now stored on a 150 GIB partition on three HDD's & a backup). Found the Down Them All DL manager & have never looked back, it milks every last drop of speed possible to get what you want, often faster than what you're paying for. :)

 

If by chance, you have the NoScript extension on Firefox, be sure to whitelist the Down Them All site, it may help. Also, some sites will still be slower than others, yet still the good thing about a DL manager is that if your connection momentarily breaks or drops, you won't lose the connection, the DL manager keeps trying to connect every few seconds up to 15 minutes & picks up the download where left off.

 

There's nothing more aggravating than having a large ISO download breakup when almost complete. Sometimes, USB wireless cards will cause this, especially the ultra low cost models (sub-$10) that gets hot in 5 minutes with a couple of Web pages open. I have one of the AZIO brand (N-150) purchased as a Shell Shocker on Newegg many years back when cash was tight, purchased a Netgear 'G-54' PCMCIA card used on eBay for $20 & still works to this day. 

 

At any rate, I feel that you should give DTA a shot again, maybe it's better now, or your extensions, if any are installed, won't interfere with performance. I cannot begin to count the many GiB's (probably into the TiB's) of downloads I successfully grabbed with DTA, including both of these Peppermint ISO's. Note that you do have to select the right type of checksum to the left after copy/pasting it into the box, to the left of it will be several choices, some higher than SHA256 to choose from, selecting the wrong one will cause issues, as well as not copy/pasting the full string into the box. Anyone can make a slip, have made a few in my days. :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#23 The-Toolman

The-Toolman
  • Topic Starter

  • Members
  • 1,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 AM

Posted 26 April 2017 - 07:28 AM

Hey cat1092,

 

You are welcome and glad this is all unconfused and you finally were able to get an accurate key checksum. :thumbup2:

 

Keep the faith there is power in the forums. :wink:

 

The Toolman


"Under certain circumstances, profanity provides a relief denied even to prayer."

(Mark Twain)
 

"Inspiration can be found in a pile of junk. Sometimes, you can put it together with a good imagination and invent something."

(Thomas Edison)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users