Warning

 

Close
Confirm Action

Are you sure you wish to do this?

Cancel Confirm
6651 Online
bravocompany bravocompany bravocompany
brownells brownells
tnvc tnvc tnvc
AR15.COM
bravocompany
My Account
bravocompany bravocompany bravocompany
brownells brownells
tnvc tnvc tnvc
springfield
Guns
colt
aim
midwest
silencerShop
fightlite
JRH
brownells
GS
vortex
magpul
skd
cz
primaryArms
palmetto
bravocompany
OSIGHT
geissele
RS
Holosun
DFC
6651 Online
Holosun
silencerShop
magpul
JRH
aim
colt
skd
palmetto
midwest
Guns
OSIGHT
primaryArms
RS
brownells
DFC
fightlite
bravocompany
GS
cz
vortex
springfield
geissele
Sponsor News Introducing TNVC's NEW and Exclusive Filmed SuperGain (FSG) and Chimera Panoramic Goggle Giveaway!
Site News The People of Virginia VS Grabigial BanBerger | ARFCOM News
2/26/2016 1:17:16 AM EDT
Full article at link

Why the Linux Mint hack is an indicator of a larger problem

On February 20th, a hacker working under the handle "Peace" took control of the website of Linux Mint, a popular Linux distribution derived from Ubuntu (and Debian) targeted toward non-technical users and power users unhappy with modern desktop environments like GNOME 3, KDE Plasma 5, and Unity 7. The hacker replaced the download link for Linux Mint with one which contained a backdoor called Tsunami-an attack which put "several hundred" systems with a fresh installation of Linux Mint in the hacker's control, according to an interview with ZDNet's Zach Whittaker.

SEE: Has your Linux Mint desktop been backdoored?(ZDNet)

The same hacker gained control of the Linux Mint user forum, grabbing copies of the entire database twice, copies of which are now for sale on a dark web marketplace for 0.197 bitcoin ($85) per download. The user forum, which was powered by phpBB, used PHPass to hash passwords, which is possible to crack. At the time of this writing, the forum remains down while the main Linux Mint website was reinstated and compromised again shortly thereafter.

While these attacks are regrettable, and part of an infrastructure problem rather than a problem with the distribution itself, it increasingly appears that the Linux Mint team, led by project leader Clement Lefebvre, is spread too thin when it comes to security.

I searched on Linux Mint, sorry if this is a dupe.
2/26/2016 5:37:50 AM EDT
[#1]
The hacker then used their access to the site to change the legitimate checksum -- used to verify the integrity of a file -- on the download page with the checksum of the backdoored version.

"Who the f**k checks those anyway?" the hacker said.
View Quote
2/27/2016 2:01:21 PM EDT
[#2]
Mint is like Baby's First Linux anyway.


(I can't complain much, I use Fedora.)
2/28/2016 4:20:55 AM EDT
[#3]
Quote History
Quoted:
Mint is like Baby's First Linux anyway.

(I can't complain much, I use Fedora.)
View Quote

I understand that.  It's part of the reason this is important info to get out.

My Linux skills are so rusty I'm getting a refresher course by using Raspbian.    

I was going to go with Mint when I dump Windwoes but after reading about the lack of attention security detail I'm looking for another distro.  I'm not feeling geeky enough to dive into Gentoo like I did back in the day.

I'm thinking seriously about Tails.  Shouldn't that have a cartoon fox for a mascot though?

Edit:  typo
3/1/2016 5:54:42 PM EDT
[#4]
Quote History
Quoted:
Mint is like Baby's First Linux anyway.


(I can't complain much, I use Fedora.)
View Quote


Seriously.. replace a Kali ISO and I'll be impressed.
CA
Pro2A
brownells
gray
springfield
palmetto
cmmg
silencerShop
colt
Faxxon
bravocompany
ar15com
ar15com
ar15com
geissele
SAS
LAPG
primaryArms
LAPG
blackhills
fightlite
THBRD