SoylentNews is people

posted by cmn32480 on Sunday February 21 2016, @03:16PM
from the ruh-roh dept.

If you downloaded Mint Cinnamon today (for versions of "today" that include February 20th, 2016) you should immediately check the MD5 checksum. Blog Entry here.

From Clem:

We were exposed to an intrusion today. It was brief and it shouldn't impact many people, but if it impacts you, it's very important you read the information below.

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.

If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn't affect you either.

Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.

Apparently the hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com. Both lead to Sofia, Bulgaria, and the name of 3 people over there.

The comment thread suggests that the ISOs are showing up in other places, and that the Mint site may still not be entirely secure.
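The announcement quoted above names two indicators, the host serving the modified ISOs and the domain the backdoor contacts, and both can be searched for in DNS, proxy or firewall logs. The sketch below is an added example, not part of the original story or of the Linux Mint announcement; the log lines are constructed and their format is an assumption.

```python
import ipaddress
import re

# Indicators quoted in the story above.
BAD_IP = ipaddress.ip_address("5.104.175.212")
BAD_DOMAIN = "absentvodka.com"

# Tokens that look like IPv4 addresses or hostnames, bounded so that a
# longer address or name containing the indicator is taken as a whole.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HOST_RE = re.compile(r"(?<![\w.-])(?:[a-z0-9-]+\.)+[a-z]{2,}\.?(?![\w-])", re.I)


def match_indicators(line):
    """Return the sorted list of indicators present in one log line."""
    hits = set()
    for tok in IPV4_RE.findall(line):
        try:
            if ipaddress.ip_address(tok) == BAD_IP:
                hits.add(str(BAD_IP))
        except ValueError:
            pass  # token such as 999.1.1.1 is not a valid address
    for tok in HOST_RE.findall(line):
        host = tok.rstrip(".").lower()  # drop the DNS root dot, ignore case
        # Match the domain itself or any subdomain, on a label boundary.
        if host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN):
            hits.add(BAD_DOMAIN)
    return sorted(hits)


def scan(lines):
    """Return (line_number, indicators) for every line with a hit."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := match_indicators(line))]


# Constructed sample log lines (not real traffic); the format is hypothetical.
SAMPLE_LOG = [
    "2016-02-20T14:02:11Z dns query A www.linuxmint.com from 192.168.1.20",
    "2016-02-20T14:05:40Z http GET http://5.104.175.212/example.iso from 192.168.1.20",
    "2016-02-20T19:31:07Z dns query A AbsentVodka.com. from 192.168.1.20",
    "2016-02-20T19:31:09Z dns query A notabsentvodka.com from 192.168.1.21",
    "2016-02-20T19:32:00Z conn 192.168.1.22 -> 15.104.175.212:80",
    "2016-02-20T19:33:00Z dns query A sub.absentvodka.com from 192.168.1.20",
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(lineno, hits)
```

Lines 4 and 5 of the sample are deliberate near misses: a plain substring search would flag both.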


  • (Score: 0) by Anonymous Coward on Sunday February 21 2016, @09:13PM (#307871)

    Different AC here, but how many people being set up with Linux are going to check either forum? No, most people are going to call whoever set up their computer (whether an OEM or a family member or friend), end up wherever a random Google takes them, or ask in some community they are already involved in, in case someone there knows.

    On a related note:
    If I'm giving someone Linux, it is most likely because my concerns boil down to some security issue I am fixing for them. Now while I don't know the particulars that the GP referred to, I am of the opinion that downstream is almost always less secure than the upstream. The only exception to that is if they have additional mitigations that upstream doesn't have. The two reasons for that are that being downstream results in more time for bugs to be exploited as they work their way down and the trickle down process introduces more chances of a security mistake being made. That is why I would prefer Debian over Ubuntu and Ubuntu over Mint, as I'm not aware of any additional mitigations they do over their upstream that counter-balance the risk.