[kwlug-disc] Linux Mint site hacked
Bob Jonkman
bjonkman at sobac.com
Mon Feb 22 14:42:18 EST 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Apparently the only ISOs affected are the 17.3 Linux Mint Cinnamon
releases. http://blog.linuxmint.com/?p=2994 But still...
Linux Mint Debian Edition is a bit more robust in regards to kernel
updates. It was initially promised to be a "rolling release", meaning
that you'd never have to do a full system update again.
Unfortunately, that stopped happening with the release of LMDE2 last
year, so now I don't see any benefits to Linux Mint that you can't get
with a regular Debian install with the MATE desktop environment.
Recently I've switched back to using Ubuntu, the Ubuntu-MATE distro:
http://ubuntu-mate.org/ Seems to be every bit as slick as Linux Mint
was. If I'm overcome by the miasma of non-free software then I'll
probably go back to Trisquel with MATE: https://trisquel.info/
Interesting thing: Switching from Trisquel+MATE to LMDE+MATE to
Ubuntu+MATE was almost completely seamless -- the desktop environment
preserved almost all the settings from one distro to another.
- --Bob.
On 2016-02-22 02:10 PM, Chris Irwin wrote:
> Also, apparently their initial "fix" was to correct the download
> links, rather than taking the compromised machine offline entirely.
> This lead to the download links being redirected to the compromised
> ISOs a second time.
>
> http://thehackernews.com/2016/02/linux-mint-hack.html
>
> In an interesting discussion on LWN, it appears that Mint doesn't
> install kernel updates, and doesn't publish CVE information,
> amongst various other packaging issues.
>
> https://lwn.net/Articles/676664/
>
> Perhaps those using Mint would be wise to look for alternatives.
>
>
> On Mon, Feb 22, 2016 at 1:41 PM, L.D. Paniak
> <ldpaniak at fourpisolutions.com> wrote:
>
>> Apparently, the Linux Mint website was hacked over the weekend:
>>
>> http://arstechnica.com/security/2016/02/linux-mint-hit-by-malware-infection-on-its-website-and-forum-after-hack-attack/
>>
>>
>>
ISO images downloaded on Feb 20 should be discarded or checked against
>> known-good checksums. Images from mirror sites may have a wider
>> window of vulnerability.
Bob Jonkman <bjonkman at sobac.com> Phone: +1-519-635-9413
SOBAC Microcomputer Services http://sobac.com/sobac/
Software --- Office & Business Automation --- Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Ensure confidentiality, authenticity, non-repudiability
iEYEARECAAYFAlbLZJYACgkQuRKJsNLM5eqCWwCcDcKy+QqsiAakmzM97VLRkgAO
IhMAoL9FqsYEqoExrEzRpHyMF0mr+7bM
=tbgR
-----END PGP SIGNATURE-----
More information about the kwlug-disc
mailing list