
[ARTICLE]WikiLeaks releases Manual for Linux Implant “Aeris”

Posted: 2017-07-29 09:12
by arochester

Re: [ARTICLE]WikiLeaks releases Manual for Linux Implant “Ae

Posted: 2017-07-29 12:40
by Wheelerof4te
Aeris appears to be an implant that is designed to allow an agent to retrieve and send information about the infected system through TLS encrypted channels.
And what would be that information? Our personal data, online passwords and data from the clouds? Or an entire file system?

Another question is why are only old distributions targeted. Don't forget about older Android versions, I think those too might be vulnerable.

EDIT: Someone might be spreading fear to force upgrades to new OS versions. My personal opinion.
Possible reason? It's the economy. New OSes require newer hardware. If you push people to upgrade, they have to buy better machines. Right now, there are a lot of i386s all around the world, but new systems mostly don't support them. Which means people have to go to Walmart/anyMart to buy shiny x86/amd64s.

Likewise, the latest online products and services are reserved for 64-bit, many applications are outright dropping 32-bit support.

Re: [ARTICLE]WikiLeaks releases Manual for Linux Implant “Ae

Posted: 2017-07-29 18:12
by dasein
I find myself deeply puzzled by the list of systems that are supposedly being "targeted."

I mean, RHEL 6 but not 5.x... and CentOS 5.x but not 6? (And not Scientific?)


I call BS on the original announcement.

Re: [ARTICLE]WikiLeaks releases Manual for Linux Implant “Ae

Posted: 2017-08-01 10:13
by sgian
What is probably going on is that this is outdated software for spying on corporations and other governments. That is why older versions of distributions were targeted, and not newer versions.

As for the RHEL vs. CentOS thing, that is probably just what they specifically tested it on. An internet search indicates that at least some people consider them to be separate distributions even though they are closely related.

The rest of the list is probably not conclusive either; it is probably just what the programmers had the funding to test and verify at the time it was sold or developed for the CIA. It probably does affect other distributions and versions of distributions.

Re: [ARTICLE]WikiLeaks releases Manual for Linux Implant “Ae

Posted: 2017-08-01 14:50
by dasein
sgian wrote: As for the RHEL vs. CentOS thing... some people consider them to be separate distributions even though they are closely related.
Those "people" haven't the faintest damn clue what they are talking about. CentOS is a full source recompile of rebranded RHEL. RHEL and CentOS are distinct distros (different "look," different default configs, etc.), but they are otherwise bit-for-bit identical. "Differences" between the two are literally merely cosmetic.

Ditto Scientific Linux (though I believe Scientific installs some home-grown groupware binaries as well; not QFT)

https://wiki.centos.org/FAQ/General
https://www.scientificlinux.org/about/