Linux Mint site got pwned

#1 Post by kode-niner »

Personal forum details getting stolen by hackers is bad enough, but what's really sad is they managed to hack one of the releases' ISOs.
Beware of hacked ISOs if you downloaded Linux Mint on February 20th!
Written by Clem on February 21st, 2016

I’m sorry I have to come with bad news.
We were exposed to an intrusion today. It was brief and it shouldn’t impact many people, but if it impacts you, it’s very important you read the information below.
What happened?
Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.
Does this affect you?
As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.
If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.
Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.
Note: although Clem says that it only affects February 20th downloads, someone commented that he was still getting a hacked ISO on the 21st and that attacks might still be ongoing.

More info: http://blog.linuxmint.com/
Daily drives a CF-31

#2 Post by Azrial »

And they could not release a checksum verification tool?
I am what I am, somebody has to be.
Call me for free from anywhere in the USA from my homepage! http://www.azrial.com/
CF-31JEGAX1M Mk2 Intel i5-2520M 2.50 GHz, Win7x64 & Ubuntu x64 14.04LTS Dual Boot, 16GB RAM, Samsung 250GB SSD, 2x64GB USB FD, 64GB SDHC, GOBI 4000, BUGPS, IBM AC/DC Supply #22P9003

#3 Post by Bill_TN »

My ISO copies are from the 31st of Jan. I usually grab a new copy for the archives here, as soon as they come out. I know for sure that I got 32bit cinn. Also if you use an older version to do the initial install then the consecutive upgrade is supposed to be not affected.
CF-29ET, CF-28ST, CF-30G , CF-M34, CF-19Ch, CF-19FH, CF-19CD, CF-73 mk1, CF-74K & H, CF-51RCB, CF-51RCL, CF-52CC .

As long as the deal is good for you it is good for me.

Member of Toughbooktalk and Notebook Review forums

#4 Post by kode-niner »

Azrial wrote: And they could not release a checksum verification tool?
md5sum is part of all distributions' core utils. People have to use it, though.

Besides that, the site got hacked through a WordPress vuln, so the hash could be faked unless they take steps to protect its distribution or have it replicated on multiple sources to double-check its authenticity. It's just a lot for the average Joe to wrap his mind around when he's only trying to download the latest popular distro.
Daily drives a CF-31
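
Added example, not part of the thread or of any poster's reply: one way to do the multi-source cross-check described in post #4, accepting a download only when checksum lists saved from at least two independent sources agree with the locally computed digest. The helper name `verify_iso`, the `HASH_CMD` variable and the list file names are assumptions made for this illustration.

```sh
# Added example (not from the thread): accept a download only when checksum
# lists saved from several independent sources all match the local digest.
# HASH_CMD is an assumption: md5sum is the tool named in the post; sha256sum
# is used by default here because it is the stronger hash.
HASH_CMD="${HASH_CMD:-sha256sum}"

# verify_iso ISO LIST LIST [LIST...]   (hypothetical helper name)
# Each LIST holds "<digest>  <filename>" lines, the md5sum/sha256sum format.
# Returns 0 if all lists agree, 1 on a mismatch, 2 on bad usage/missing entry.
verify_iso() {
    local iso name actual expected list
    if [ "$#" -lt 3 ] || [ ! -f "$1" ]; then
        echo "usage: verify_iso ISO LIST LIST [LIST...]" >&2; return 2
    fi
    iso="$1"; shift
    name="$(basename "$iso")"
    actual="$("$HASH_CMD" "$iso" | awk '{print tolower($1)}')"
    for list in "$@"; do
        # Digest this source publishes for exactly this file name
        # (a leading "*" marks binary mode in checksum lists).
        expected="$(awk -v n="$name" \
            '{f=$2; sub(/^\*/,"",f)} f==n {print tolower($1); exit}' "$list")"
        if [ -z "$expected" ]; then
            echo "$list: no entry for $name" >&2; return 2
        fi
        if [ "$expected" != "$actual" ]; then
            echo "$list: MISMATCH for $name, do not use this file" >&2; return 1
        fi
    done
    echo "$name: digest matches all $# sources"
}

# Constructed demo data: a stand-in "ISO", two honest lists, one altered list.
demo() {
    local d; d="$(mktemp -d)"
    printf 'constructed stand-in for an ISO image\n' > "$d/sample.iso"
    ( cd "$d" && "$HASH_CMD" sample.iso > site.txt && cp site.txt mirror.txt )
    printf 'different bytes\n' | "$HASH_CMD" | awk '{print $1 "  sample.iso"}' > "$d/altered.txt"
    verify_iso "$d/sample.iso" "$d/site.txt" "$d/mirror.txt" || echo "unexpected failure"
    verify_iso "$d/sample.iso" "$d/site.txt" "$d/altered.txt" || echo "rejected (status $?)"
    rm -rf "$d"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

The check is only as strong as the independence of the sources: lists fetched from the same compromised web server count as one source.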
