Red Star Linux Caught Spying, Modifying, Deleting
The big story today was the confirmation of hidden features in North Korea's Red Star OS, based on Red Hat/Fedora. It was a top headline on most websites many with plays on the words Open Source and oppressive. In more local circles the release of the first stable Solus OS excited the community and the first reviewer asked where's vi.
Red Star was found to contain lots of extra software that allows the government to keep their citizens oppressed. A synopsis was published of the talk given over the weekend at the thirty-second annual Chaos Communication Congress in Germany. The CCC is a construct of the Chaos Computer Club, a group of hackers working for freedom of speech, privacy, security, encryption, and such. Each year they hold a convention to discuss and learn the latest. This year Florian Grunow and Niklaus Schiess shared the findings of their research on Red Star OS.
Grunow reported earlier in the year on things like a program that "pretends to be some kind of virus scanner" that actually watermarks users' files, even if they haven't opened them. Apparently this is how the government can tract "illegal" code and users thereof. After making a document file, "the MD5sum of the file changed" without it being reopened or "touched in any way." It changed because the nefarious code had access to it. Grunow said the file was now really a zip of the original file with multiple files added. "Garbage" was added at the beginning of the file including the users hardware serial numbers. The files can even be deleted if undesirable to dear leader. He summarized, "Creating and using media files and documents on RedStar OS can get you into trouble if you are living in North Korea."
In this weekend's talk, Grunow and Schiess said the system is designed to "defend and protect itself from changes made from user space" and will reboot if changes are detected. The web browsers all connect to central servers before transferring content tracking all users' activity. They drove the point home with, "We found that the features implemented in Red Star OS are the wet dream of a surveillance state dictator."
The first stable release of Solus OS with the Budgie desktop was released Sunday. Lots of sites carried the news and Neil Rickert was anxious to test drive Solus OS 1.0. He said the boot was pleasant in appearance and the desktop reveals "that this is Gnome 3.18.2." He also couldn't find a way to run software updates. The live DVD just froze when faced with UEFI machine and manual bootloader configuration was needed. I had to chuckle when Rickert complained that the lack of vi force him to use Nano. Then the host command was also MIA as were the entries in power settings. He concluded that Solus OS is "an interesting new distro, but it's newness is showing."
In other news,
* China Linux PCs: full details and pictures
* A year of Linux has already happened. You missed it.