Posted on 02/22/2016 7:26:56 PM PST by Utilizer
Last night, the Linux Mint team announced that someone had hacked their servers and started pointing user downloads to malicious ISO images for the Linux Mint 17.3 Cinnamon edition. Our Linux editor already covered the initial details of the attack, which we recommend reading before going forward with this article.
Since then, in the last ten hours, the Linux and infosec communities have been working hard to investigate what happened and how the hackers operated.
Linux Mint Team: They hacked us via our WordPress site
The first to provide an answer was Clement Lefebvre, leader of the Linux Mint project, who acknowledged in a comment on the official announcement that the initial point of entry was their WordPress blog.
The hackers managed to escalate their access to the underlying server and finally get shell access to www-data, Lefebvre explained. From here they modified the Linux Mint download page to point to a malicious FTP server hosted in Bulgaria (IP: 5.104.175.212).
(Excerpt) Read more at news.softpedia.com ...
Ping!
Script kiddie job
WordPress has a million vulnerabilities.
You want to do a blog, rent a separate, dedicated server in somebody else’s data center.
I was trying to get in to download a new ISO last night and couldn’t. Now I know why.
Still a problem, scriptkiddie or no. A compromised source is a danger nonetheless, notwithstanding the method that originated it.
They should have it repaired shortly. Linux coders are the best. :)
Still down.
The article says, “they modified the Linux Mint download page to point to a malicious FTP server” not that they hacked the repository.
Ehrmmm... you consider the misdirecting of a pointer to a site hosting a malicious main iso download page somehow not a repository?
Perhaps if someone posted a link to a Mint iso repo and then showed you the different malicious iso location you might perchance reconsider your position?
Just a thought.
My opinion, it’s a ‘malicious version’ repo, albeit not a compromised main/standard repo. It’s still a compromised download source.
Give it a bit of time, mate.
I dunno. You’d have to elaborate.
I have three machines running Mint. I love it; it will really bring new life to an older machine. The only one currently running is on my son’s laptop; I need to check it out in the morning. Mine are dedicated machines for ham radio and have not been on in a few weeks.
More info here, including comments from the supposed hacker:
http://www.zdnet.com/article/hacker-hundreds-were-tricked-into-installing-linux-mint-backdoor/
Thanks so much for the extra info. More information is always welcome. :)
Not to denigrate Mint, but if you are looking at working with older machines there are certain distros out there specifically designed to work with older machines, even those with quite limited resources.
In rough order of less resource demands, here are a few:
1. AntiX and/or MX-14
2. Mepis 8.0 (yes, it’s older. It works.)
3. uberstudent 2.0 lxde
4. ultimate edition lite
5. Aptosid Thanatos xfce i386
6. Linux From Scratch (LFS)
7. Damn Small Linux (DSL)
Among others...
Running gparted/GPT from a bootable Rescue CD (System Rescue CD is highly recommended) to partition the drive(s) prior to installation is most strongly advised. PartImage also is helpful to recover from any difficulties in the future.
Oh, and there are also some kiosk Linux versions you might be interested in as well.
Have fun!
The bad operating system ISO files were available for download only on Feb. 20. If your son's computer had Mint 17.3 installed before then, it should be OK.
?ping?