Trouble in paradise: mint website/forum/iso's hacked

Discussion in 'Other Operating Systems' started by IKT, Feb 22, 2016.

  1. broccoli

    broccoli Member

    Joined:
    Feb 21, 2010
    Messages:
    21,502
    Location:
    Perth
    I agree absolutely that a hack, quickly identified, warned about, addressed and fixed has nothing whatsoever to do with the integrity of the OS/software itself.

    But, I disagree that ANY software can be declared "safe" unless all of its code has been personally examined and tested so that the person making the declaration can actually make that declaration and nobody generally looks at all of it, they work as a team, and there's an element of trust that the guy in the next cubicle is not "dodgy". Having said that, there's no reason to believe that the OS is "unsafe" (whatever the hell that is supposed to mean in this day and age).

    The type of hysteria you refer to in your article is IMO far more dangerous than the flaws in computer software that are identified and then fixed. The idiotic desire for "safety" while behaving in a manner that puts your "safety" at risk is exhausting. Downloading anything that is presented to you because you are told that it is "safe" and not because you've thought about what it is and what it does is nuts. The "tell me it's safe!" types do my head in.
     
  2. deepspring

    deepspring Member

    Joined:
    Jul 8, 2002
    Messages:
    3,601
    Location:
    Maitland, NSW
    There is no such thing as a "safe" operating system.

    Every operating system comes with an element of risk, some more than others due to their market share.

    For example, Microsoft Windows has long been the base target for hackers, and there have been many many security flaws over the years that have been successfully exploited not just in the wild, but also on a large scale. Yet for some reason, users have shown zero concern (for whatever reason) and have readily and happily continued to use it despite the risk.

    OS X, FreeBSD, OpenBSD, NetBSD, Linux also have their fair share of exploitable flaws being discovered on an almost daily basis. True that an overwhelming majority of these require physical access to the machine itself, but nonetheless the security flaws are there.
     
  3. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    43,136
    Location:
    Brisbane
    I've done this technology/security thing for a while now, and I'll tell you first hand that the most interesting thing I've learned over the course of it has nothing to do with technology. Instead, the most interesting part still is the psychology of end users.

    People insist on living in a world of absolutes. Good versus bad, black versus white, secure versus insecure. None of these things exist in absolutes anywhere, and computer science is no different. Hell, even defining "better" or "worse" sometimes is really hard, with subjectivity and "horses for courses" being issues of consideration for the needs of whatever particular group of users you're analysing.

    Like most things, people's ignorance to issues, and a constant desire to simplify things to ludicrous extremes, are the real problems. Intelligence and education are the antidote, although even that is damned difficult in a world full of people who despise anything challenging or new.

    </misanthrope>
     
  4. broccoli

    broccoli Member

    Joined:
    Feb 21, 2010
    Messages:
    21,502
    Location:
    Perth
    Yes. I'd say that it is low down on the "anything certain" continuum. There are things that can be said with a reasonable amount of certainty. Programming isn't one of them. There's a reason when you read computer code there is a lot of "IF" in there. You've no idea of the "ifs" you haven't allowed for until you find out. Nobody can anticipate everything, you have to do your best and then find things out when you are using it and realise that something should have been done or done differently.
     
  5. @kernelhack

    @kernelhack Member

    Joined:
    Feb 9, 2013
    Messages:
    60
    Location:
    Brisbane, QLD
    While the following link contains a post from Freedom Publishers Union detailing a similar scenario to what happened to Linux Mint ISOs, there is no evidence of a compromise here, rather an organization simply taking precautionary measures.

    I didn't want to create a new thread, as it just wasn't worth it. But I did want to share this to simply demonstrate that it can happen to anyone and any organization.

    http://bit.ly/21dAuWl
     
  6. juggernaut88

    juggernaut88 Member

    Joined:
    Aug 5, 2015
    Messages:
    228
    Location:
    /dev/null
    Did you end up identifying what led to your mirror and the ISOs on it?
     
  7. @kernelhack

    @kernelhack Member

    Joined:
    Feb 9, 2013
    Messages:
    60
    Location:
    Brisbane, QLD
    Yeah no evidence was found ANYWHERE that anything had been hacked into, altered, tampered with or otherwise changed.

    We are safely declaring it just a corrupted ISO which obviously occurred during the initial sync of the original ISO files.

    New files have been synced and will be uploaded to the mirror within the hour. ;)
     
  8. juggernaut88

    juggernaut88 Member

    Joined:
    Aug 5, 2015
    Messages:
    228
    Location:
    /dev/null
    OK cool. I don't use it, I was just curious as to the outcome. Good to hear nothing was compromised :)
     
  9. elh9

    elh9 Member

    Joined:
    Feb 28, 2016
    Messages:
    107
    Location:
    Perth NOR
    I was going to try Mint to see how it compared to other distros (I have seen quite a few people running it) but based off the comments in the OP's post, I'll probably give it a miss ... nothing to do with the website hack, as others have said, most sites can be hacked at some point.
    I realise that is one person's thoughts on Mint, but it's enough for me to leave it alone for a while (don't know enough about Linux security to investigate for myself)
     
  10. Perko

    Perko Member

    Joined:
    Aug 12, 2011
    Messages:
    4,500
    Location:
    NW Tasmania
    I'm not big into the FLOSS political scene, so I can't really comment on the motivations of the criticisms in various media over the years, but I trialled Mint prior to the introduction of MATE as a desktop replacement for elderly people stuck on Windows 98SE/2K. I found the UI design and flow at the time to be superior, and more lightweight than Gnome 2, and I think Unity 1 came out at around that time and really added weight to Ubuntu; but in the end, I put most of them on Xubuntu for a while because MATE did the same thing to Mint that Unity had done to Ubuntu.

    I just find right now that if you're doing a desktop replacement on an EOL Windows machine that the user doesn't want to upgrade, or the machine can't run 8.1 or whatever, Ubuntu is the place to be for relative simplicity and user satisfaction once they come to grips with the UI change. I'm not sure about the current arrangements, but when I was looking at it, Mint was pulling all of its non-UI/skin patches from the Ubuntu repos anyway. Given the basic, (office/web browser/maybe email), level of package installation required, I can't really see how the risk profile would be hugely different to Ubuntu, or could possibly be worse than the average Windows install, they always seemed to be actively monitoring attack vectors like everyone else.

    If you're looking at higher level use, admin, dev, or server, for example, you're probably in the wrong thread anyway. :)
     
