My Journey to Becoming a Linux End User on Linux Mint

stacksofplates

Downloading images is pretty safe. If you download torrent file A from the website and then it's hacked and torrent file B is uploaded, you don't receive any pieces from file B. Whoever uploaded the second image would need to somehow use the exact same md5 hash for the new file as the old one. The program hashes each piece you download and compares the both the hash for the piece and the whole hash.

tl:dr you can't just rename a file and have people download it from you and mix it with the real file. And even if you could, they would have to get the one part that you changed from your file since you're the one seeding it. It would take forever to infect any real number of people.

stacksofplates

Once again, the whole issue came from a WordPress insecurity.

Dashrender

How are people finding the BT tracker in the first place? from one placed on the WordPress site? right?

So the hackers put a new BT Tracker, along with a new MD5 hash on the site.. and awayyyyyyyy we go.

stacksofplates

@Dashrender said:

How are people finding the BT tracker in the first place? from one placed on the WordPress site? right?

So the hackers put a new BT Tracker, along with a new MD5 hash on the site.. and awayyyyyyyy we go.

But they would only be seeding from each other. Anyone with the real file wouldn't get anything from them at all.

Dashrender

@johnhooks said:

@Dashrender said:

How are people finding the BT tracker in the first place? from one placed on the WordPress site? right?

So the hackers put a new BT Tracker, along with a new MD5 hash on the site.. and awayyyyyyyy we go.

But they would only be seeding from each other. Anyone with the real file wouldn't get anything from them at all.

Just like anyone who downloaded from the site before it was hacked would be safe, only those who start the BT after the hack would be affected by the new BT Tracker - that's all I was saying.

Anyone who downloaded the ISO direct the day before the hack isn't affected by the hacked version now.

stacksofplates

@Dashrender said:

@johnhooks said:

@Dashrender said:

How are people finding the BT tracker in the first place? from one placed on the WordPress site? right?

So the hackers put a new BT Tracker, along with a new MD5 hash on the site.. and awayyyyyyyy we go.

But they would only be seeding from each other. Anyone with the real file wouldn't get anything from them at all.

Just like anyone who downloaded from the site before it was hacked would be safe, only those who start the BT after the hack would be affected by the new BT Tracker - that's all I was saying.

Anyone who downloaded the ISO direct the day before the hack isn't affected by the hacked version now.

Right. That's why I was saying the torrents are safer though. If I have the torrent file, I could download a thousand copies even if they change it mid download and never be touched by it.

It would take forever to download if they did it the torrent way since you would only have as many seeders for the few hours it was up (sorry can't think of a good phrasing for that).

Dashrender

@johnhooks said:

@Dashrender said:

@johnhooks said:

@Dashrender said:

How are people finding the BT tracker in the first place? from one placed on the WordPress site? right?

So the hackers put a new BT Tracker, along with a new MD5 hash on the site.. and awayyyyyyyy we go.

But they would only be seeding from each other. Anyone with the real file wouldn't get anything from them at all.

Just like anyone who downloaded from the site before it was hacked would be safe, only those who start the BT after the hack would be affected by the new BT Tracker - that's all I was saying.

Anyone who downloaded the ISO direct the day before the hack isn't affected by the hacked version now.

Right. That's why I was saying the torrents are safer though. If I have the torrent file, I could download a thousand copies even if they change it mid download and never be touched by it.

It would take forever to download if they did it the torrent way since you would only have as many seeders for the few hours it was up (sorry can't think of a good phrasing for that).

What would make the BT tracker go away? I admit that I don't understand how trackers work - so maybe there is a way to kill bad files out in BT land.

But you'd only be safer with a BT IF you downloaded the BT Tracker before the hack... just like anyone who was downloading the file from the WP site would be safe if they downloaded before the hack...

All of this matters only if you are looking to get the download while the hack is in place, that's all I'm saying.

stacksofplates

@Dashrender said:

@johnhooks said:

@Dashrender said:

@johnhooks said:

@Dashrender said:

How are people finding the BT tracker in the first place? from one placed on the WordPress site? right?

So the hackers put a new BT Tracker, along with a new MD5 hash on the site.. and awayyyyyyyy we go.

But they would only be seeding from each other. Anyone with the real file wouldn't get anything from them at all.

Just like anyone who downloaded from the site before it was hacked would be safe, only those who start the BT after the hack would be affected by the new BT Tracker - that's all I was saying.

Anyone who downloaded the ISO direct the day before the hack isn't affected by the hacked version now.

Right. That's why I was saying the torrents are safer though. If I have the torrent file, I could download a thousand copies even if they change it mid download and never be touched by it.

It would take forever to download if they did it the torrent way since you would only have as many seeders for the few hours it was up (sorry can't think of a good phrasing for that).

What would make the BT tracker go away? I admit that I don't understand how trackers work - so maybe there is a way to kill bad files out in BT land.

But you'd only be safer with a BT IF you downloaded the BT Tracker before the hack... just like anyone who was downloading the file from the WP site would be safe if they downloaded before the hack...

All of this matters only if you are looking to get the download while the hack is in place, that's all I'm saying.

Right. Ya I was thinking someone made it sound like you could infect someone else who was downloading the torrent by just changing your ISO. Im on my phone so I don't feel like trying to find it in the posts lol.

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

Nothing prevents it and it is happening all the time.

It's what BT is best known for, in fact.

Only in your opinion.

I'm pretty confident that the majority of the public thinks of BitTorrent primarily as a place that people get infected.

scottalanmiller

@nadnerB said:

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

Nothing prevents it and it is happening all the time.

It's what BT is best known for, in fact.

Only in your opinion.

Well, my opinion too. Probably more out of ignorance, of the finer workings & uses, as I've never needed to download anything via BT. Most people that who use it, that I know (which isn't many), only use if for movies/TV shows.

I know of no one who uses it for anything else. I know that people do, but I've never run into one.

scottalanmiller

@Dashrender said:

How are people finding the BT tracker in the first place? from one placed on the WordPress site? right?

So the hackers put a new BT Tracker, along with a new MD5 hash on the site.. and awayyyyyyyy we go.

No they get it from the Mint torrent link directly. Going to a third party site for a Mint download would make zero sense.

JaredBusch

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

Nothing prevents it and it is happening all the time.

It's what BT is best known for, in fact.

Only in your opinion.

I'm pretty confident that the majority of the public thinks of BitTorrent primarily as a place that people get infected.

I am pretty confident that majority of the public think of bittorrent as a place to pirate songs and movies and software. They do not know a damned thing about getting infected.

MattSpeller

@JaredBusch said:

I am pretty confident that majority of the public think of bittorrent as a place to pirate songs and movies and software. They do not know a damned thing about getting infected.

Indeed. For further evidence please see: directconnect, limewire, kazaa, etc

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

Nothing prevents it and it is happening all the time.

It's what BT is best known for, in fact.

Only in your opinion.

I'm pretty confident that the majority of the public thinks of BitTorrent primarily as a place that people get infected.

I am pretty confident that majority of the public think of bittorrent as a place to pirate songs and movies and software. They do not know a damned thing about getting infected.

Maybe, that's not the impression that I've gotten. But I could easily be wrong. But the reaction I see in people is BitTorrent = viruses.

BRRABill

@scottalanmiller said:

Maybe, that's not the impression that I've gotten. But I could easily be wrong. But the reaction I see in people is BitTorrent = viruses.

That's the way I felt, and why I questioned why there was a feeling that was safer than the source.

Dashrender

yeah I'm going more with JB on this one - I think if you asked the general public about Bit torrent, assuming they even know what it was, they would say it was for piracy more than anything else.