Trouble in paradise: Mint website/forum/ISOs hacked

Discussion in 'Other Operating Systems' started by IKT, Feb 22, 2016.

  1. IKT

    IKT Member

    Joined:
    Feb 4, 2007
    Messages:
    4,278
    http://www.zdnet.com/article/hacker-hundreds-were-tricked-into-installing-linux-mint-backdoor/
    https://thehackernews.com/2016/02/linux-mint-hack.html
    http://blog.linuxmint.com/?p=2994

    https://lwn.net/Articles/676664/

    ouch
     
  2. zero_velocity

    zero_velocity Member

    Joined:
    Sep 16, 2010
    Messages:
    2,804
    Location:
    QLD
    Looks like they suffered a second attack too, after announcing that the first had cleared.

    (source: http://blog.linuxmint.com/?p=2994 post no.5)
     
  3. broccoli

    broccoli Member

    Joined:
    Feb 21, 2010
    Messages:
    21,502
    Location:
    Perth
    How does somebody do this? They get the password to the website so they can change things on the website, or? Also, how does a website owner find out that something like this happened (other than having some eagle-eyed user tell them)?

    What does the website owner have to do to get rid of the "baddies"?
     
  4. mooboyj

    mooboyj Member

    Joined:
    Sep 13, 2005
    Messages:
    1,037
    I saw "WordPress" and stopped reading...
     
  5. @kernelhack

    @kernelhack Member

    Joined:
    Feb 9, 2013
    Messages:
    60
    Location:
    Brisbane, QLD
    This is such a daft comment considering how many perfectly legitimate and secure websites actually DO run off WordPress. You're either ignorant, or simply not aware of just how much WP is in use on the internet.

    WP is only as secure as its admins have made it, along with the server infrastructure it resides on. If it's unsafe, then the webmasters and admins have failed at their job of securing it.
     
  6. mooboyj

    mooboyj Member

    Joined:
    Sep 13, 2005
    Messages:
    1,037
    I admin two cPanel boxes with ~250 domains on them. I have reasonable knowledge of WordPress and how it is being exploited on a regular basis. I am also well aware that it isn't the best thing without a tweak or two...
     
  7. maldotcom2

    maldotcom2 Member

    Joined:
    Feb 18, 2006
    Messages:
    2,035
    Is there anything stopping this happening with packages? :sick:
     
  8. @kernelhack

    @kernelhack Member

    Joined:
    Feb 9, 2013
    Messages:
    60
    Location:
    Brisbane, QLD
    Well again, either you or your colleagues clearly are failing miserably. I also work in the field.
     
  9. mooboyj

    mooboyj Member

    Joined:
    Sep 13, 2005
    Messages:
    1,037
    I admin the boxes, not the sites. We clean them up when the client or their web dev is incapable of fixing it.
     
  10. IKT (OP)

    IKT Member

    Joined:
    Feb 4, 2007
    Messages:
    4,278
    You say that but WordPress attracts scripts, bots and hackers like nothing else.
     
  11. orangepeel376

    orangepeel376 Member

    Joined:
    Feb 17, 2016
    Messages:
    60
    This is bad for Linux, especially for Mint. This will turn many people away from Linux. Who would want to try a small operating system that got hacked?
    I think I will get Ubuntu instead.
    Sorry Mint :(
     
  12. @kernelhack

    @kernelhack Member

    Joined:
    Feb 9, 2013
    Messages:
    60
    Location:
    Brisbane, QLD
    Rest assured, the ISO images on Mint are now back online and all legitimate. I would urge caution however from sourcing Mint ISOs from torrent networks. That's where the nasty ones are going to be floating around.
     
  13. sammy_b0i

    sammy_b0i Laugh it up, fuzzball!

    Joined:
    Jun 29, 2005
    Messages:
    4,155
    Location:
    ACT 2913
    Err... no.

    This can happen to any website that hasn't been secured properly. Ubuntu included. Change a file on a mirror and voila. Nothing to do with Mint itself being somehow insecure. How would this turn people away from Linux when Windows is just one giant malware/botnet? :confused:
     
  14. gdjacobs

    gdjacobs Member

    Joined:
    Apr 3, 2007
    Messages:
    2,593
    Location:
    MB, Canada
    Be sure to double check with those SHA hashes.
     
  15. flu!d

    flu!d Never perfect, always genuine

    Joined:
    Jun 27, 2001
    Messages:
    18,750
    Totally agreed, well said my friend....
     
  16. sammy_b0i

    sammy_b0i Laugh it up, fuzzball!

    Joined:
    Jun 29, 2005
    Messages:
    4,155
    Location:
    ACT 2913
    Go team common sense! :thumbup:
     
  17. deepspring

    deepspring Member

    Joined:
    Jul 8, 2002
    Messages:
    3,601
    Location:
    Maitland, NSW
    Packages are cryptographically signed, and one would hope they are hosted on a different server.

    Edit: yes I know this is a moot point if someone had access to a package's signing key.
     
    Last edited: Mar 2, 2016
  18. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    43,136
    Location:
    Brisbane
    In summation:

    1) Download ISOs from anywhere you like. Torrent, website, ftp, zsync - it doesn't matter (well, magnet links are much safer, to be honest).

    2) Download the SHA256SUMS file that goes with the ISO. Check your ISO with it.

    3) Grab the packager's public GPG key. Use it to verify the SHA256SUMS list.

    If 2 or 3 fail, delete the ISO immediately, and don't use it.

    If I can be stuffed, I'll do an example of this later tonight.

    Yes, all packages are signed. Don't install packages that fail their digital signature (same story for all OSes - Windows and Mac are the same).

    The package signing private key should be far, far away from the public website.
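
The three steps in the post above, as an added example that is not part of the original thread. The function names are hypothetical, and pinning the signer to a fingerprint obtained from somewhere other than the download site is an assumption added here (a bare `gpg --verify` accepts any key already in the keyring).

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded ISO against a signed checksum list.
# Assumption: file names and the fingerprint are supplied by the caller.

# Step 2: compare the ISO's SHA-256 with the entry for its file name.
# Returns 0 on match, 1 on mismatch, 2 if the ISO is not listed at all.
check_iso_hash() {
    local sums="$1" iso="$2" name expected actual
    name=$(basename "$iso")
    # Lines look like "<hash>  <name>" or "<hash> *<name>" (binary mode).
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
        (f "") == (n "") { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Step 3 helper: read "gpg --status-fd" lines on stdin. Succeeds only if there
# is a GOODSIG line (not EXPKEYSIG/REVKEYSIG) and a VALIDSIG line naming the
# expected fingerprint, either as the signing key or as its primary key.
validsig_matches() {
    local want
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v w="$want" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && (($3 "") == (w "") || ($NF "") == (w "")) { pinned = 1 }
        END { exit !(good && pinned) }'
}

# Step 3: check the detached signature over the checksum list.
verify_sums_signature() {
    local sums="$1" sig="$2" fpr="$3"
    gpg --batch --status-fd 1 --verify "$sig" "$sums" 2>/dev/null | validsig_matches "$fpr"
}

# Reject the download unless both checks pass.
# usage: verify_download ISO SHA256SUMS SHA256SUMS.gpg FINGERPRINT
verify_download() {
    verify_sums_signature "$2" "$3" "$4" || { echo "REJECT: bad or unexpected signature" >&2; return 1; }
    check_iso_hash "$2" "$1" || { echo "REJECT: hash mismatch or ISO not listed" >&2; return 1; }
    echo "OK: $1"
}
```

The signature is checked before the hash so that a checksum list replaced along with the ISO is rejected before its contents are trusted; the signer's public key must already be imported into the local keyring.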
     
  19. deepspring

    deepspring Member

    Joined:
    Jul 8, 2002
    Messages:
    3,601
    Location:
    Maitland, NSW
    I agree, I was presenting a worst case scenario.
     
  20. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    43,136
    Location:
    Brisbane
    To be fair, I've seen package signing private keys compromised in the past. So it's not outside the realm of possibility at all.
     
