
If you d/led Mint on this week read this

Community Veteran
Posts: 6,611
Thanks: 209
Fixes: 15
Registered: 16-02-2009

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our [Mint] website to point to it. As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition. Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.
Full story HERE
You know you are popular when the hackers start hacking your stuff  Wink Cry
15 REPLIES
Community Veteran
Posts: 7,991
Thanks: 636
Fixes: 8
Registered: 02-08-2007

Re: If you d/led Mint on this week read this

Thanks for flagging this up along with the link.
I downloaded and updated to 17.3 a few days ago so I am safe enough (I hope)
At least they have been quick in informing users and the checksum in your link should reassure users or confirm the worst.
Hopefully this will not be followed by further attacks on what is a great OS.
VileReynard
Seasoned Pro
Posts: 10,651
Thanks: 206
Fixes: 9
Registered: 01-09-2007

Re: If you d/led Mint on this week read this

I don't understand why the download site isn't static HTML with static MD5 checksums.
This could easily be a bullet-proof site - assuming people do simple MD5 checks against any downloads.
Interesting that Bit Torrent gives a non-hacked version.

Community Veteran
Posts: 4,987
Thanks: 1,154
Fixes: 29
Registered: 16-10-2014

Re: If you d/led Mint on this week read this

It wouldn't make any difference as they hacked the site in the first place so nothing stopping them replacing the checksum on the page.
VileReynard
Seasoned Pro
Posts: 10,651
Thanks: 206
Fixes: 9
Registered: 01-09-2007

Re: If you d/led Mint on this week read this

Quote
I’ll ask this question, without knowing the intrinsic details, or any specific details other than what has been posted above; did the breach have anything to do with the fact that you’re running WordPress?
Best wishes and thanks for the heads up.
Edit by Clem: Yes, the breach was made via wordpress. From there they got a www-data shell.

Community Veteran
Posts: 4,987
Thanks: 1,154
Fixes: 29
Registered: 16-10-2014

Re: If you d/led Mint on this week read this

To be honest I didn't read the article, and I know nothing about wordpress, but I'll stick by my last post, until proved otherwise.
Corrected Typo.
DaveyH
Seasoned Pro
Posts: 1,320
Thanks: 192
Fixes: 7
Registered: 15-11-2012

Re: If you d/led Mint on this week read this

Their forum database has been compromised too.
http://blog.linuxmint.com/?p=3001
DaveyH
Seasoned Pro
Posts: 1,320
Thanks: 192
Fixes: 7
Registered: 15-11-2012

Re: If you d/led Mint on this week read this

The hacker responsible has been communicating with ZDNet to explain their motive
http://www.zdnet.com/article/hacker-hundreds-were-tricked-into-installing-linux-mint-backdoor/
Community Veteran
Posts: 6,611
Thanks: 209
Fixes: 15
Registered: 16-02-2009

Re: If you d/led Mint on this week read this

He/They call that a reason?
My email is common but the password is for that site only anyway. And I know it has been used by spammers before from the amount of spam it gets. I will retire it one day, when I remember where I use it '-)
Forums still down.
But on the have I been pawned site, the "biggest" sites:
152,445,165 Adobe accounts
30,811,934 Ashley Madison accounts
13,545,468 000webhost accounts
8,243,604 Gamigo accounts
8,089,103 Heroes of Newerth accounts
5,915,013 Nexus Mods accounts
Makes Mint's forum hack seem tiny by comparison.
DaveyH
Seasoned Pro
Posts: 1,320
Thanks: 192
Fixes: 7
Registered: 15-11-2012

Re: If you d/led Mint on this week read this

The website is back up and running
http://www.linuxmint.com
Forums still down ATM though
http://forums.linuxmint.com
So presumably there will be an update on the blog soon, though nothing yet
http://blog.linuxmint.com
MatrixRob
Grafter
Posts: 78
Thanks: 2
Registered: 16-11-2015

Re: If you d/led Mint on this week read this

The integrity checks for downloaded Linux ISOs SHOULD be compared with SHA256 and not MD5.
MD5 can be compromised/hacked; even SHA-1 is more secure than MD5 algorithms.
There are a few freebies online to check data integrity using SHA256
been using this one for years which works great.
http://download.cnet.com/MD5-SHA-Checksum-Utility/3000-2092_4-10911445.html

No problem can be solved from the same level of consciousness that created it.
Albert Einstein
Community Veteran
Posts: 4,987
Thanks: 1,154
Fixes: 29
Registered: 16-10-2014

Re: If you d/led Mint on this week read this

If you already have Linux then these are of course already provided e.g. sha256sum and for Windows there is this :
https://gallery.technet.microsoft.com/PowerShell-File-Checksum-e57dcd67
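
An added example, not part of any post in this thread: a `sha256sum`-based check that only accepts an ISO when SHA-256 lists obtained from two places agree with each other and with the file, since a checksum served by the same compromised site proves nothing. The function names and the idea of two separately fetched list files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Return codes of verify_iso:
#   0 file matches, 1 file differs, 2 entry missing or not SHA-256, 3 sources disagree

# True if $1 is 64 lowercase hex characters (a 32-character MD5 value fails).
is_sha256() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{64}$'
}

# Print the digest listed for file name $1 in list $2 ("digest  name" lines,
# the format sha256sum writes; names are assumed to contain no spaces).
lookup_digest() {
    awk -v n="$1" '{ f = $2; sub(/^\*/, "", f)
                     if (f == n) { print tolower($1); exit } }' "$2"
}

# verify_iso ISO LIST_A LIST_B
# LIST_A and LIST_B are assumed to come from sources that do not share a server.
verify_iso() {
    vi_name=$(basename "$1")
    vi_a=$(lookup_digest "$vi_name" "$2")
    vi_b=$(lookup_digest "$vi_name" "$3")
    is_sha256 "$vi_a" || return 2
    is_sha256 "$vi_b" || return 2
    # Two independently fetched lists that disagree mean one was altered.
    [ "$vi_a" = "$vi_b" ] || return 3
    vi_got=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$vi_got" = "$vi_a" ] || return 1
    return 0
}
```

A return code of 3 is the case described in this thread: the published checksum was changed along with the download, so the two sources no longer agree.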
Community Veteran
Posts: 6,611
Thanks: 209
Fixes: 15
Registered: 16-02-2009

Re: If you d/led Mint on this week read this

It doesn't really matter what you used as they changed the checksums as well.
But I tend to use downthemall in FF and put the checksum in the box at the bottom.
products42
Newbie
Posts: 3
Registered: 25-03-2013

Re: If you d/led Mint on this week read this

Quote from: Hairy

But on the have I been pawned site, the "biggest" sites:
152,445,165 Adobe accounts
30,811,934 Ashley Madison accounts
13,545,468 000webhost accounts
8,243,604 Gamigo accounts
8,089,103 Heroes of Newerth accounts
5,915,013 Nexus Mods accounts
Makes Mint's forum hack seem tiny by comparison.

"Have I been pwned ?" is a great resource to check whether your email has been harvested.  It's worth checking your email address on it to see if you need to create a new one.
VileReynard
Seasoned Pro
Posts: 10,651
Thanks: 206
Fixes: 9
Registered: 01-09-2007

Re: If you d/led Mint on this week read this

I'm on Adobe & Mint (forums).