[TriLUG] Linux Mint Site Hacked

Erik Nelson via TriLUG trilug at trilug.org
Thu Feb 25 09:26:59 EST 2016



On 02/22/2016 11:16 AM, tj via TriLUG wrote:
> As I know, md5sum was not valid/did match. They changed the ISO download
> to Bulgaria :D.

Just caught up with the thread, so forgive me if someone has made the 
point already...

The real problem here is that it is *not* enough to post a checksum and
call it a day. If a malicious entity has enough access to your servers
to swap your iso for their poison, they have enough access to upload an
md5 that will match said poison.

Sign and verify signatures, folks.

- Erik
>
> On Mon, Feb 22, 2016 at 11:11 AM, Thomas Delrue via TriLUG <
> trilug at trilug.org> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> They didn't even do that. They replace the *links* to the good ISOs
>> with links to the hacker's machines containing bad ISOs.
>>
>> Goes to show though: sign everything with GPG and always validate sigs.
>>
>> If anything, this was more an attack on the users rather than the OS...
>>
>> P.S.: Speaking of which, my key is 0x08B3FA4E...
>>
>> On 02/22/2016 10:59 AM, Christopher Blackmon via TriLUG wrote:
>>> It's not as if they attacked the OS itself... they hacked the web
>>> site and replaced a .iso with a backdoored one.
>>> christopher
>>>
>>> From: tj via TriLUG <trilug at trilug.org>
>>> To: John Vaughters <jvaughters04 at yahoo.com>; Triangle Linux Users
>>> Group General Discussion <trilug at trilug.org>
>>> Sent: Monday, February 22, 2016 10:55 AM
>>> Subject: Re: [TriLUG] Linux Mint Site Hacked
>>>
>>> Linux os not a toy anymore :)
>>>
>>> In my understanding, they attack Mints due on many users of Mints
>>> came for "user friendly" Windows, where to try windows alternative.
>>> They do not understand MD5SUM or checking after downloading the ISO
>>> file.  As I remember downloading ISO WINS 10, none told me to check
>>> MD5SUM :D
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.22 (GNU/Linux)
>>
>> -----END PGP SIGNATURE-----



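The point made in this thread (a checksum served from the same place as the ISO can be replaced along with it, so verify a signature first), as an added example that is not part of the original messages. It assumes GnuPG and coreutils `sha256sum` are installed; the file names and the all-zero fingerprint are placeholders, and the sample files are constructed.

```shell
#!/bin/sh
# verify_iso ISO SUMS SIG PINNED_FPR   (names and fingerprint are placeholders)
# Returns 0 only if SUMS carries a valid signature from the pinned key and
# the ISO's SHA-256 is listed in SUMS. Fails closed on any error.
verify_iso() {
    iso=$1; sums=$2; sig=$3; pinned=$4

    # 1. Verify the detached signature over the checksum list. The key must
    #    already be in the local keyring, obtained out of band, not from the
    #    download server that may be compromised.
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$sums" 2>/dev/null) || return 1

    # 2. A good signature from any key in the keyring is not enough: require
    #    the pinned fingerprint (last field of GnuPG's VALIDSIG status line).
    fpr=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$fpr" ] && [ "$fpr" = "$pinned" ] || return 2

    # 3. Only now is the checksum list trustworthy; compare the ISO against it.
    name=$(basename "$iso")
    want=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' "$sums")
    have=$(sha256sum "$iso" | awk '{ print $1 }')
    [ -n "$want" ] && [ "$want" = "$have" ] || return 3
    return 0
}

# Constructed scenario from the thread: whoever controls the download
# location controls both the ISO and its checksum file, so the two agree,
# but there is no signature from the pinned key.
demo_swapped_iso() {
    d=$(mktemp -d) || return 9
    printf 'constructed stand-in for a swapped image\n' > "$d/example.iso"
    (cd "$d" && sha256sum example.iso > sha256sum.txt)
    printf 'constructed garbage, not a real signature\n' > "$d/sha256sum.txt.gpg"

    # Checksum-only verification accepts the swapped file.
    sum_rc=0
    (cd "$d" && sha256sum -c sha256sum.txt >/dev/null 2>&1) || sum_rc=$?

    # Signature-first verification rejects it.
    sig_rc=0
    verify_iso "$d/example.iso" "$d/sha256sum.txt" "$d/sha256sum.txt.gpg" \
        0000000000000000000000000000000000000000 || sig_rc=$?

    rm -rf "$d"
    echo "checksum-only exit=$sum_rc signature-first exit=$sig_rc"
    [ "$sum_rc" -eq 0 ] && [ "$sig_rc" -ne 0 ]
}
```

Running `demo_swapped_iso` prints both exit codes; for a real download, call `verify_iso` with the full fingerprint of the signing key as confirmed through a channel other than the download site.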