You are Here:
Linux Lite 4.6 RC1 has been released. See the Release Announcements section for more information.



[ SECURITY ] Linux Mint ISOs & Forums Compromised

Author (Read 2429 times)

0 Members and 1 Guest are viewing this topic.

Linux Mint ISOs & Forums Compromised
« on: February 21, 2016, 09:20:44 AM »
 

Scott

  • Global Moderator
  • Gold Level Poster
  • *****
  • 858
    Posts
  • Country: 00
  • Reputation: 186
  • Linux Lite Member

  • Linux Lite: 3.4 64bit

  • CPU: Dual core Intel Core i3 M 330

  • MEMORY: 6Gb

  • VIDEO CARD: Intel Integrated Graphics
No need for panic but this is definitely newsworthy.  ~Scott

http://blog.linuxmint.com/?p=2994

Update
Looks like the Mint forums were compromised as well.
http://blog.linuxmint.com/?p=3001
Last Edit: February 21, 2016, 10:26:43 PM by Scott(0)
 


Re: Linux Mint ISOs & Forums Compromised
« Reply #1 on: February 21, 2016, 11:10:10 AM »
 

rokytnji

  • Friganeer
  • Platinum Level Poster
  • **********
  • 1257
    Posts
  • Country: us
  • Reputation: 134

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core2 Duo U9600

  • MEMORY: 4Gb

  • VIDEO CARD: Intel Mobile 4
If users bothered to md5sum check their downloaded isos against a good posted number.
Then they will know they have a bad iso.
LL 3.6,2.8
Dell XT2 > Touchscreen Laptop
Dell 755 > Desktop
Acer 150 > Desktop
I am who I am. Your approval is not needed.
 

Re: Linux Mint ISOs & Forums Compromised
« Reply #2 on: February 21, 2016, 06:31:45 PM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 6937
    Posts
  • Country: nz
  • Reputation: 642
  • Linux Lite Member
    • Linux Lite OS

  • Linux Lite: 3.8 64bit

  • CPU: Intel Xeon Dual CPU's E5645 2.4GHz 12 Cores

  • MEMORY: 16Gb

  • VIDEO CARD: nVidia GeForce GTX 960
Wordpress is a joke, worst CMS in the history on the interwebz.
I pentested a Wordpress site for a client the other day, a start up company in NZ. The results would shock you. I wish they'd come to me before going live. They asked me what they should do. My answer was blunt and unapologetic, "dump Wordpress, hand-code everything in php, html and css."
 

Re: Linux Mint ISOs & Forums Compromised
« Reply #3 on: February 21, 2016, 10:27:59 PM »
 

Scott

  • Global Moderator
  • Gold Level Poster
  • *****
  • 858
    Posts
  • Country: 00
  • Reputation: 186
  • Linux Lite Member

  • Linux Lite: 3.4 64bit

  • CPU: Dual core Intel Core i3 M 330

  • MEMORY: 6Gb

  • VIDEO CARD: Intel Integrated Graphics
Update
Looks like the Mint forums were compromised as well.
http://blog.linuxmint.com/?p=3001
 

Re: Linux Mint ISOs & Forums Compromised
« Reply #4 on: February 22, 2016, 09:07:26 AM »
 

torreydale

  • PayPal Supporter
  • Platinum Level Poster
  • *****
  • 1477
    Posts
  • Country: us
  • Reputation: 239
  • * Forum Moderator *

  • Linux Lite: 4.4 64bit

  • CPU: Intel Core i5-5300U (-HT-MCP-)

  • MEMORY: 8Gb

  • VIDEO CARD: Intel Broadwell-U Integrated Graphics
Three weeks ago I couldn't download the *.torrent file from their site (for Cinnamon or MATE editions), and that's the route the news article seems to suggest is safer at the moment.

The "good news" in this is that a Linux distro is seen as so popular that it's worth hacker attention. 
Want to thank me?  Click my [Thank] link.
 

Re: Linux Mint ISOs & Forums Compromised
« Reply #5 on: February 22, 2016, 01:48:26 PM »
 

LinuxNoob

  • Forum Regular
  • ***
  • 108
    Posts
  • Country: ca
  • Reputation: 11
  • Linux Lite Member

  • Linux Lite: 3.2 64bit

  • CPU: 6x AMD Phenom(tm) II X6 1045T Processor

  • MEMORY: 8Gb

  • VIDEO CARD: Gallium 0.4 on AMD RS780
  https://youtu.be/KMRwaQNs45k?t=32m45s

I listen to JB sometimes and came across this thought I would share however it seems it's already been posted so here is a vlog about some info and commentary about this.

Enjoy
I'v been bashing Windows way before Microsoft.....
 

Re: Linux Mint ISOs & Forums Compromised
« Reply #6 on: February 25, 2016, 07:49:42 PM »
 

LL-user

  • I come here a lot
  • *****
  • 446
    Posts
  • Country: 00
  • Reputation: 213
  • Linux Lite Member

  • Linux Lite: 2.8 64bit
An update that might be important for anyone who has/had an Linux Mint Forums account:

The Linux Mint forum database was sold on January 16, a full month before users were made aware of a breach.

http://news.softpedia.com/news/linux-mint-forum-database-compromised-for-at-least-a-month-before-announcement-500901.shtml
 

Re: Linux Mint ISOs & Forums Compromised
« Reply #7 on: February 25, 2016, 08:41:52 PM »
 

avj

  • Gold Level Poster
  • *******
  • 530
    Posts
  • Country: us
  • Reputation: 110
  • Linux Lite Member

  • Linux Lite: 2.8 64bit

  • CPU: Dual core Intel Pentium D 2.80GHz

  • MEMORY: 2Gb

  • VIDEO CARD: AMD/ATI RC410 Radeon Xpress 200/1100
Evidently ZDNet interviewed the hacker, and he claims he hacked the site twice the first time on January 28 and the second time on February 18.

Article at the following link.

http://www.zdnet.com/article/hacker-hundreds-were-tricked-into-installing-linux-mint-backdoor/
I have not failed. Ive just found 10,000 ways that wont work. - Thomas Edison
 

Re: Linux Mint ISOs & Forums Compromised
« Reply #8 on: February 27, 2016, 04:08:37 PM »
 

nomko

  • Forum Regular
  • ***
  • 117
    Posts
  • Country: nl
  • Reputation: 13
  • Linux Lite Member
    • My personal Linux site

  • Linux Lite: 2.6 64bit

  • CPU: Intel Core i7

  • MEMORY: 16Gb

  • VIDEO CARD: Intel 4th. Gen. integr. GPU/Nvidia GeForce GTX860M
How did that Zack Whittaker guy ended up with that hacker? If the hacker was a "lone wolf" nobody heard of or knew about, how did Zack Whittaker ended up with him? Unless he knows the hacker and knew he was doing... I don't believe that any hacker will call up some newspaper or magazine saying: he guys! i've hacked the Mint site and the forum! you know what, i vene hacked some other sites! wanna do an interview with me??

My laptop:
MSI GE70-2PE*Quad core Intel Core i7-4710HQ*Kingston 16 GB RAM*Intel 4th Gen. Integr. GPU/NVidia GeForce GTX860M*Qualcomm Atheros Killer E2200/Intel Wireless 3160

I don't need Google, my wife knows everything!

My Linux website
 


Tags:
 


Linux Lite 4.6 RC1 has been released. See the Release Announcements section for more information.