You know, it's a real shame when people let their political views or their world views or whatever affect literally everything in their lives, but it's especially shameful when people let their butthurt affect other people's ability to use free software. So you guys know Ubuntu, right? It's arguably one of the most popular Linux distros out there. It's definitely one of the more popular ones that are recommended to first-time desktop Linux users because it's a just-works distro. Well, recently the desktop installer for the latest version of Ubuntu fell victim to what I'm going to call a supply chain attack.

So Ubuntu being a just-works distro, it has a nice graphical user interface with an installation wizard that I'm pretty sure actually starts whenever you boot up a live Ubuntu USB. And this install wizard is very straightforward. You can read it in your native language. It's easy to understand. It's just as easy to install Ubuntu as it is Windows because of it, which is why I consider it a just-works distro. Anyway, if you translated these installation instructions to Ukrainian on the latest version, then it would show up with a bunch of slurs about having casual gay sex with Jewish dildos, which are probably not the instructions that you were looking for when you booted Ubuntu.

So this is an explanation from an Ubuntu product manager about what happened on the Ubuntu announcement blog. So this was posted just a little bit earlier today. Summary: a community contributor submitted offensive Ukrainian translations to a public third-party online service that we use to provide language support for the Ubuntu desktop installer. Around three hours after the release of Ubuntu 23.10, this fact was brought to our attention and we immediately removed the affected images. After completing initial triage, we believe that the incident only impacts translations presented to a user during installation through the live CD environment and not during an upgrade.
During the installation, the translations are resident in memory only and are not propagated to the disk. If you have upgraded to Ubuntu 23.10 from a previous release, then you were not affected by this issue. The impacted images were Ubuntu Desktop 23.10 and Ubuntu Budgie 23.10. The Ubuntu Desktop legacy ISO is still available and not affected. Please keep in mind that translations are data files that support internationalization of applications. These files are updated with the support of third-party online systems with contributions from individuals all around the world that get integrated into Ubuntu.

So this is kind of why I'm considering it to be a supply chain attack, because Ubuntu is saying that they use the third-party service for translations. And I figured out what they use by looking at the GitHub repo for Ubuntu desktop. And this is where the, well, this is the commit where the malicious translations were submitted. So you can see that the translation URL is pointing to hosted.weblate.org. So this is, I guess, where people who speak, read and write different languages can offer their translation services to different open source projects. So I'm guessing that this is where the malicious translations were originally pulled from. But if you try following the URL that's in the GitHub, the page has been removed.

So ultimately, this hack didn't really lead to anything malicious happening. I mean, there were probably a few people that got offended. You can look through all the comments on this GitHub page and see that some people had their feathers ruffled. And also the fact that the GitHub repo had to be locked. Clearly, there were some shenanigans taking place. But this hacker prank, whatever you want to call it, it got me thinking about how language translations could be used by a malicious adversary to target specific groups of people that are using specific pieces of software.
So something really simple that you could do to just lower the end user security, say if they're installing Ubuntu, is you could swap the translations for enabling and disabling encryption. So, you know, with the GUI wizard, I'm pretty sure that there's just some box you check, like, do you want to enable LUKS encryption? And then you probably put in a password on the next page. You might be able to switch it around and make people think that they're enabling LUKS encryption, but really they're leaving it disabled. Or you might be able to pull off something a little bit more advanced, like sneaking an additional URL into the translated installation instructions that takes people to a malicious site or, better yet, change an existing URL. There might be one at the end that tells you to visit the Ubuntu forums to, like, learn more about your system and how to upgrade it and stuff like that. Well, you might be able to direct someone to a site where they can download some malware, or it might just be a fake copy of the Ubuntu forums. You can direct people there and steal their login data if they already have a forum account. And then from there, you could hijack their account on the real forums to get more people to install your malware.

So in a way, I think it's kind of good that an attack like this was just used for trolling instead of a more sophisticated social engineering attack that could lead to some kind of Ubuntu botnet getting created. You know, this kind of reminds me of how Pompompurin managed to hack an actual FBI email server and he got it to send emails that would actually appear to be from the real FBI domain. But instead of him using that exploit to get some Fortune 500 companies to install a rootkit on their servers that would just masquerade as this FBI anti-malware tool. Like, yeah, guys, go ahead and, you know, install this. And I'm sure that all kinds of corporate IT guys would just go right ahead and install.
Yeah, it's an anti-malware tool coming from the FBI. What could go wrong? No, instead of doing that, he just sent out some troll emails to make fun of Vinny. But even though these security vulnerabilities are just leading to some trolling, they could easily be used for more malicious activity in the future if they go unfixed.

So this translation hack, it's really low-hanging fruit that could really have been caught so easily. Like, if you go to this commit and you can read Ukrainian, then you should be able to see right away that this is talking about Jews and porn and not Ubuntu or Linux or anything of that nature. Even if you don't read Ukrainian, you can very easily copy this stuff and throw it into a translator and you would see the same thing. So something this blatant can probably be avoided with automation, if Canonical were to use, like, an API for a translation service and a word list of slurs to check it against after translating it into English. That's a really easy solution that they might want to look into. And the same thing should be done for readme files and other non-source-code files. It's important to scrutinize even the non-source-code files just as much as the code files, even if they can't necessarily be used to execute malware on their own. They could point the user towards malware or recommend settings that could reduce the end user's safety.

And speaking of end user safety, there was this security vulnerability discovered in curl earlier this week that one of the developers of curl described as the worst curl security flaw in a long time. Now, the reason that this bug was initially so concerning is the fact that curl, and more specifically libcurl, the libcurl library, is a piece of software that pretty much everyone uses. Okay, curl, it's a tool for transferring data to and from a server using URLs. Think about it. Pretty much every networked application out there is doing that and could be using the libcurl library.
And yesterday, there was an updated version of curl that was released, 8.4.0, that patches the high-severity buffer overflow exploit that you're looking at here, as well as a low-severity cookie injection flaw. Now, even though this is a severe security exploit in a version of software that pretty much everyone is running, probably is still running, the good news is you're only really vulnerable if you're using curl with SOCKS5 proxies and you connect to an attacker-controlled HTTP server with remote hostname resolving. And I also believe that the connection has to be kind of slow, like in order to pull off this exploit, it's kind of a time-sensitive thing. So yeah, you're only vulnerable if you're doing that specific kind of setup, which most people are not doing. So it's really easy to mitigate this issue by just ideally upgrading curl, or if you are using the SOCKS5 proxy with the older version of curl, you could just use local name resolving and then you shouldn't be vulnerable to the exploit in that circumstance either.

So that's it for this video, guys. Please like and share to hack the algorithm. Follow me on Odysee. And you can get my new tie dye tortoise only available on base.win. And you can save 10% store-wide when using Monero XMR at checkout. Have a great day.
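
An added example, not part of the video or of Canonical's tooling: a Python sketch of the automated review the transcript suggests for translation files. It flags translated strings that introduce a URL host absent from the source string or that contain a blocklisted word after back-translation. The string keys, the sample strings, the `back_translate` callable (a stand-in for a real machine-translation API) and the blocklist term are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>()\[\]]+", re.IGNORECASE)

# Constructed sample data (not from the real installer): source strings by key.
SOURCE = {
    "welcome": "Welcome to Ubuntu",
    "learnMore": "Visit https://ubuntu.com/ to learn more",
    "installTitle": "Install Ubuntu",
}
# Constructed submitted translation: one swapped URL, one abusive placeholder.
TRANSLATED = {
    "welcome": "Ласкаво просимо до Ubuntu",
    "learnMore": "Відвідайте https://ubuntu.example.net/ щоб дізнатися більше",
    "installTitle": "PLACEHOLDER-ABUSIVE-STRING",
}
# Stand-in for a machine-translation API call (assumption): text -> English.
FAKE_MT = {
    TRANSLATED["welcome"]: "Welcome to Ubuntu",
    TRANSLATED["learnMore"]: "Visit https://ubuntu.example.net/ to learn more",
    TRANSLATED["installTitle"]: "install blockedterm now",
}
BLOCKLIST = {"blockedterm"}  # placeholder for a real word list

def url_hosts(text):
    """Return the lower-cased hostnames of every http(s) URL found in text."""
    found = (urlsplit(u.rstrip(".,;:!?")).hostname for u in URL_RE.findall(text))
    return {h.lower() for h in found if h}

def review_translations(source, translated, back_translate, blocklist):
    """Return sorted (key, reason) findings that need a human reviewer."""
    findings = []
    for key, text in translated.items():
        src = source.get(key)
        if src is None:
            findings.append((key, "no matching source string"))
            continue
        # A translation should never link anywhere the source string does not.
        for host in sorted(url_hosts(text) - url_hosts(src)):
            findings.append((key, f"URL host not in source: {host}"))
        # Back-translate to English, then compare whole words to the blocklist.
        words = set(re.findall(r"[a-z']+", back_translate(text).lower()))
        for word in sorted(words & blocklist):
            findings.append((key, f"blocklisted word after back-translation: {word}"))
    return sorted(findings)

def run():
    return review_translations(SOURCE, TRANSLATED, FAKE_MT.get, BLOCKLIST)

if __name__ == "__main__":
    print(run())
```

A check like this catches added or changed links and blatant abuse, but not the swapped enable/disable wording described above, which still needs a reviewer who reads the language.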