[TriLUG] Linux Mint Site Hacked

Erik Nelson via TriLUG trilug at trilug.org
Thu Feb 25 11:03:23 EST 2016



On 02/25/2016 10:13 AM, tj wrote:
> that is true
> but the mint issue was md5 did not match with "botnet backdoor" ISO...
> they can swap md5, but they did not...
>
> I believe Mint is targeting common Windows audiences that do not
> care about md5 or hashing...

Fair point. It's a shame because I've been very impressed with the
distro itself. Unfortunately after this whole fiasco and reading about
some of their other security oversights (the forum passwords were not
even salted), I don't trust the Mint team and I cannot in good
conscience recommend it to anyone, much less those who are new to the
Linux Desktop.

Here's a rather scathing comment on LWN if y'all haven't seen it, 
detailing a number of Mint's failings:
https://lwn.net/Articles/676664/

Also, the forum database had been up for sale for some time before this
news broke. This was not a "brief compromise":
https://twitter.com/ChunkrGames/status/688346150622081024

I understand the audience Mint is targeting, and there's certainly a
great need for beginner friendly distros we can recommend to people
interested in joining the ecosystem. Isn't it our responsibility to set
the example for best security practices, and to practice what we preach?

- Erik
>
>
> On Thu, Feb 25, 2016 at 9:26 AM, Erik Nelson via TriLUG
> <trilug at trilug.org> wrote:
>
>
>
>     On 02/22/2016 11:16 AM, tj via TriLUG wrote:
>
>         as I know, md5sum was not valid/did match. they changed the
>         ISO download
>         to Bulgaria :D.
>
>
>     Just caught up with the thread, so forgive me if someone has made
>     the point already...
>
>     The real problem here is that it is *not* enough to post a
>     checksum and call it a day. If a malicious entity
>     has enough access to your servers to swap your iso for their
>     poison, they have enough access to
>     upload an md5 that will match said poison.
>
>     Sign and verify signatures folks.
>
>     - Erik
>
>
>         On Mon, Feb 22, 2016 at 11:11 AM, Thomas Delrue via TriLUG
>         <trilug at trilug.org> wrote:
>
>             They didn't even do that. They replaced the *links* to the
>             good ISOs
>             with links to the hacker's machines containing bad ISOs.
>
>             Goes to show though: sign everything with GPG and always
>             validate sigs
>
>             If anything, this was more an attack on the users rather
>             than the OS...
>
>             P.S.: Speaking of which, my key is 0x08B3FA4E...
>
>             On 02/22/2016 10:59 AM, Christopher Blackmon via TriLUG wrote:
>
>                 It's not as if they attacked the OS itself... they
>                 hacked the web
>                 site and replaced a .iso with a backdoored one.
>                 christopher
>
>                 From: tj via TriLUG <trilug at trilug.org>
>                 To: John Vaughters <jvaughters04 at yahoo.com>;
>                 Triangle Linux Users Group General Discussion
>                 <trilug at trilug.org>
>                 Sent: Monday, February 22, 2016 10:55 AM
>                 Subject: Re: [TriLUG] Linux Mint Site Hacked
>
>                 Linux os not a toy anymore :)
>
>                 on my understanding, they attack Mints due on many
>                 users of Mints
>                 came for "user friendly" Windows, where to try windows
>                 alternative.
>                 They do not understand MD5SUM or checking after
>                 downloading the ISO
>                 file.  As I remember downloading ISO WINS 10, none told
>                 me to check
>                 MD5SUM :D
>
>             --
>             This message was sent to: fendy <bimasakti at gmail.com
>             <mailto:bimasakti at gmail.com>>
>             To unsubscribe, send a blank message to
>             trilug-leave at trilug.org <mailto:trilug-leave at trilug.org>
>             from that
>             address.
>             TriLUG mailing list :
>             http://www.trilug.org/mailman/listinfo/trilug
>             Unsubscribe or edit options on the web  :
>             http://www.trilug.org/mailman/options/trilug/bimasakti%40gmail.com
>             Welcome to TriLUG: http://trilug.org/welcome
>
>
>
>
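
The point made in the thread (a checksum served from the same machine as the ISO proves nothing once that machine is compromised, while a detached signature does) can be reproduced locally. This is an added example, not part of the original messages; it assumes GnuPG 2.1 or later and coreutils, uses SHA-256 in place of the md5 discussed above, and the file names, key name and "server" directory are made up for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed demo: release.iso is a one-line text file, the key is a throwaway.

checksum_only() {   # trusts whatever sha256sum.txt the server hands out
  ( cd "$1" && sha256sum -c sha256sum.txt >/dev/null 2>&1 )
}

signed_check() {    # the checksum file must first verify against a key we already hold
  ( cd "$1" &&
    gpg --batch --verify sha256sum.txt.gpg sha256sum.txt >/dev/null 2>&1 &&
    sha256sum -c sha256sum.txt >/dev/null 2>&1 )
}

run_demo() (
  work=$(mktemp -d) || exit 1
  srv="$work/server"; mkdir -p "$srv"

  # Publisher: create a signing key, then publish image, checksum and detached signature.
  export GNUPGHOME="$work/publisher-keys"; mkdir -m 700 "$GNUPGHOME"
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Demo Release Key <release@example.invalid>' \
      default default never 2>/dev/null || exit 1
  gpg --batch --armor --export > "$work/release-key.asc"
  printf 'genuine image\n' > "$srv/release.iso"
  ( cd "$srv" && sha256sum release.iso > sha256sum.txt &&
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --detach-sign --output sha256sum.txt.gpg sha256sum.txt ) || exit 1
  gpgconf --kill gpg-agent 2>/dev/null || true

  # User: a separate keyring holding only the public key, obtained out of band.
  export GNUPGHOME="$work/user-keys"; mkdir -m 700 "$GNUPGHOME"
  gpg --batch --quiet --import "$work/release-key.asc" 2>/dev/null || exit 1
  signed_check "$srv" && clean=pass || clean=FAIL

  # Intruder with write access to the server swaps the image and its checksum.
  # The private key is not in the server directory, so the old signature is all they have.
  printf 'backdoored image\n' > "$srv/release.iso"
  ( cd "$srv" && sha256sum release.iso > sha256sum.txt )
  checksum_only "$srv" && sum_result=pass || sum_result=FAIL
  signed_check  "$srv" && sig_result=pass || sig_result=FAIL

  rm -rf "$work"
  echo "$clean $sum_result $sig_result"
)

run_demo   # prints: pass pass FAIL
```

The three words are, in order: the signed check on the untouched release, the checksum-only check after the swap, and the signed check after the swap.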


