Announcement

Collapse
No announcement yet.

Linux Mint website hacked, ISO downloads replaced with backdoored operating system

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Linux Mint website hacked, ISO downloads replaced with backdoored operating system

    This is disturbing to see happen to a major Linux distro. I'm glad it wasn't Kubuntu. Bugs me because Mint would be my second choice after Kubuntu. I had Mint/KDE on a laptop for a while.

    If you downloaded Linux Mint on Saturday, February 20th, you may have grabbed a hacked version that includes a backdoor. Here's what you need to know.
    If you downloaded Linux Mint on Saturday, February 20th, you may have unknowingly downloaded a hacked version of the operating system.

    According to a blog post on the Linux Mint site, hackers broke into the Linux Mint website at some point on Saturday and made changes in order to direct users toward downloading “a modified Linux Mint ISO, with a backdoor in it.” Using the hacked version could allow hackers to steal your private information. According to Linux Mint, the hack only affects those who downloaded the Linux Mint 17.3 Cinnamon edition from the Linux Mint website on Saturday.

    “If you downloaded another release or another edition, this does not affect you,” the blog post states. “If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.”

    The Linux Mint website is down for the time being (aside from the blog, anyway) as the team works to re-secure the site.
    ......
    [continued]
    full article: http://www.pcworld.com/article/30356...inux-mint.html
    Kubuntu 22.04 (desktop & laptop), Windows 7 &2K (via VirtualBox on desktop PC)
    ================================

    #2
    I'll risk repeating myself on this but...

    a) yes most folks, because they are much smarter than the old woodsmoker run a new dingus in a virtual machine which will obviate this, or should.

    b) That is why I purchased a boxload of small hard drives quite a few years ago, and why my drive stands outside the box, vertically, on an ammunition "holder" with foam underneath(silencer) and a dedicated fan blowing on the drive.

    I can switch out the drive is less than a minute, so I can test a distro on a "clean" drive for quite a while and if it goes bonkers there is absolutely nothing of import on the drive. I never use it to log into anything, don't save anything directly to it, data goes onto a usb and later to a storage drive and/or dvd.

    Of course I'm doing this not because of being "hacked" but because of possible system failure....

    Ummm lol.............the "model" of this last year was in the t.v. series Mr. Robot, when the protagonist thought that he had been "hacked" he drilled and microwaved his hard drive(s). :0

    Now.............what is the "chance" of me "being hacked"? Uuummmm approaching zero, but.........this produces a whole new wrinkle.....

    it could happen to ANYbody...

    just sayin'

    woodsmoke
    Last edited by woodsmoke; Feb 22, 2016, 01:23 PM.

    Comment


      #3
      Originally posted by woodsmoke View Post
      I'll risk repeating myself on this but...

      a) yes most folks, because they are much smarter than the old woodsmoker run a new dingus in a virtual machine which will obviate this, or should.

      b) That is why I purchased a boxload of small hard drives quite a few years ago, and why my drive stands outside the box, vertically, on an ammunition "holder" with foam underneath(silencer) and a dedicated fan blowing on the drive.

      I can switch out the drive is less than a minute, so I can test a distro on a "clean" drive for quite a while and if it goes bonkers there is absolutely nothing of import on the drive. I never use it to log into anything, don't save anything directly to it, data goes onto a usb and later to a storage drive and/or dvd.

      Of course I'm doing this not because of being "hacked" but because of possible system failure....

      Ummm lol.............the "model" of this last year was in the t.v. series Mr. Robot, when the protagonist thought that he had been "hacked" he drilled and microwaved his hard drive(s). :0

      Now.............what is the "chance" of me "being hacked"? Uuummmm approaching zero, but.........this produces a whole new wrinkle.....

      it could happen to ANYbody...

      just sayin'

      woodsmoke
      That's a great idea. I've long considered keeping extra hard drives in reserve for situations like you describe. One thing I'm thinking of doing is a Clonezilla of my hard drive and then put that over onto another drive. That way if I have a drive crash, I'm back up and running in the time it takes me to change out the drive and let some updates run.
      Kubuntu 22.04 (desktop & laptop), Windows 7 &2K (via VirtualBox on desktop PC)
      ================================

      Comment


        #4
        Backdoor eh? My question is how would they use it to their advantage? Unless the OS sends them a notice saying, "Attention hacker: Simon Tomoko at IP address 255.255.255.255, just installed your tainted OS". Then that would seem rather pointless. But a lot of people are doing pointless hacking these days. Our servers at the clinic are under attack by a botnet (or so I am told) but we are just swapping out the IP address. I don't understand a botnet or why they would attack a clinic or what any hacker could want here but we are still using the same old Debian that Frank installed years ago.

        Comment


          #5
          To clarify, the iso images on mint servers were not replaced, the link to one specific version was changed to point to the compromised one. Torrents and direct downloads were not affected.

          As to why botnet creators choose where they try to get zombies, well because they can. Opportunity is also key. As is having the most number of computers creating the ddos as possible. You can buy or rent these if you know where to look.

          sent from my LG V10 using Tapatalk

          Comment

          Working...
          X