Monday, February 22, 2016

Linux Mint site hacked

If you have an account on the Linux Mint forums, don't click the link to download the "new distro" - it's backdoored by the Bad Guys:
A hack against Linux Mint over the weekend that meant surfers were invited to download a copy of the open source distro that came contaminated with a backdoor has also affected the organisation’s forums. 
As previously reported, hackers made a modified Linux Mint ISO before hacking its website with a link to the compromised code. 
The breach was quickly detected. It only affected those who downloaded Linux Mint 17.3 Cinnamon edition on Saturday, 20 February.
As is so often the case, the weakest link is the people.

3 comments:

drjim said...

And ALWAYS verify the checksums!

Old Windways said...

@drjim, If they hacked the Linux Mint site, wouldn't they also be able to post the checksums to make their download appear legit?

How can you protect yourself from a case like this when the "trusted source" has been compromised?

Borepatch said...

How can you protect yourself from a case like this when the "trusted source" has been compromised?

You can't. That's why it's a good thing to (a) use the major sources (lots of eyeballs on these) and (b) don't be the first kid on the block to get it.