

"Anonymous OS" Taken Offline Due to Security Concerns - techinsidr
http://www.securityweek.com/anonymous-os-taken-offline-due-security-concerns

======
codys
Interestingly, there doesn't appear to be any info on how it was actually
booby-trapped. The sourceforge release [1] only references the BBC article
[2]. The BBC article, in turn, makes no statement as to any malicious content,
it only indicates that security researchers are looking at it.

Anyone know if anyone actually has examined it? Or is everyone just suffering
from a lack of trust?

1: <http://sourceforge.net/blog/anonymous-os-response/>
2: <http://www.bbc.co.uk/news/technology-17381214>

------
kaeluka
So what? Script kiddies getting pwned..

------
kijin
Anyone had a chance to run it in a VM and watch the traffic?

~~~
gnu8
I'd be wary of Anonymous-OS including exploits to break out of a VM and infect
the host.

~~~
threepointone
Is that even possible? How would one even go about doing so?

~~~
colechristensen
Yes, it is entirely possible for software to break out of a virtual machine
and run code on other VMs or the host. Isolating something in a virtual
machine does provide rather good security, but none is perfect.
Vulnerabilities have existed in many virtualization systems which allowed this
to happen.

~~~
threepointone
Thanks, that actually stops me from trying to get the OS running.

However, why did gnu8 get downvoted? Seems like a reasonable comment, relevant
to the discussion.

~~~
FreakLegion
My guess is he was downvoted either for political reasons (by someone who's
pro-Anonymous and mistakenly took his comment as a knock against them[1]), or
because the downvoter wasn't security-savvy enough to know that gnu8's concern
is legitimate.

[1] "Anonymous is not unanimous" and all that, but at the risk of No-True-
Scotsmanning, either the distro is legitimately from Anonymous and contains no
malware, or it contains malware and isn't legitimately from Anonymous (rather
is intended as an attack against them).

