Timeline Of Events: Linux Mint Website Hack That Distributed Malicious ISOs (softpedia.com)
An anonymous reader writes: The Linux Mint website was hacked last night and was pointing to malicious ISOs that contained an IRC bot known as TSUNAMI, used as part of an IRC DDoSing botnet. While the Linux Mint team says they were hacked via their WordPress site, security experts have discovered that their phpBB forum database was put up for sale on the Dark Web at around the same time as the hack. Also, it seems that after the Linux Mint team cleaned their website, the hackers reinfected it, which caused the developers to take it down altogether.
They've got a serious breach with no idea how the attackers got in and continue to get in. They need to take EVERYTHING down, including their name servers, and verify that their registration with the root servers hasn't changed, until they have done a thorough post-breach analysis. Only then can they bring up newly installed servers with whatever vulnerability fixed.
This should take several days. Possibly even weeks, depending on the extent of their infrastructure.
They were selling the database. The PMs aren't encrypted in most forums, I'm not sure about phpBB. The passwords are salted and hashed so they're not gonna be digging out rainbow tables and getting passwords. They'll have email addresses that tie in with usernames. They'll know a little about the person so spear phishing is a possibility as is just plain phishing.
I've got some data involved in this one. Nothing major, nothing important. I am not the least bit concerned. I did not download any of the torrents. I do have the legit versions of the .ISOs seeding - all current versions and some older versions - going back to at least v. 14. So, it sucks but it's not the end of the world - unless this damages their reputation so much that people bail on them.
I like Linux Mint. I call it Linux for Retards - which means that I can use it without even looking at the manual. They're well supported, give access to the Ubuntu ecosystem, a cautious and safe build, and not a horrible community. I have a laptop with me that has Cinnamon on it. They'll be okay.
But, there's a few things that make the database valuable. The emails and username combinations are a good start. They can then do some work and figure out more personal traits and then attempt some social engineering, phishing, and even targeted malware - if they want to invest enough energy.
"So long and thanks for all the fish."
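The comment above argues that salted, hashed passwords are not worth attacking with a precomputed (rainbow) table. The following is an added example, not code from the post or from phpBB; it uses PBKDF2-HMAC-SHA256 as a stand-in for whatever scheme the forum actually uses (an assumption), and the wordlist and passwords are constructed sample data. It shows that two users with the same password get different digests, and that a table precomputed for one user's salt cracks that user only, so the attacker pays the full hashing cost again for every other account.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# PBKDF2 work factor (assumed value for the demo); raise it as hardware gets faster.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def build_table(wordlist, salt: bytes) -> Dict[bytes, str]:
    """The attacker's precomputed table: digest -> plaintext, valid for ONE salt only."""
    return {hash_password(word, salt)[1]: word for word in wordlist}


def crack(table: Dict[bytes, str], digest: bytes) -> Optional[str]:
    """Look a leaked digest up in a precomputed table; None means the table is useless here."""
    return table.get(digest)


if __name__ == "__main__":
    # Constructed sample: two forum users who chose the same weak password.
    salt_a, digest_a = hash_password("linuxmint")
    salt_b, digest_b = hash_password("linuxmint")
    print("same password, different digests:", digest_a != digest_b)

    # Attacker builds a table for user A's salt from a (tiny, constructed) wordlist.
    table = build_table(["password", "linuxmint", "123456"], salt_a)
    print("table cracks user A:", crack(table, digest_a))
    print("same table against user B:", crack(table, digest_b))
    print("login check for A:", verify_password("linuxmint", salt_a, digest_a))
```

The table still cracks user A, so salting is not a substitute for a slow hash and a non-trivial password; what it buys is that every account costs the attacker a fresh brute-force run rather than one dictionary lookup.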
It's not really WordPress that's so bad. Not really. They used to be pretty bad but they, themselves, have gotten their act together. The problem is that people don't keep things updated and will use extensions and add-ons and the likes from anywhere. They won't keep those updated either. If they're maintained well, if you pick the add-ons by activity and reputation and timely security fixes, and if you're a little attentive then you'll be okay.
There are a few add-ons (oddly enough) to help with this. There are ways to automate unattended updates. There are ways to lock down the permissions and make the suggested changes. Use an administrator name separate from your user name. Rename a couple of pages. After setup, remove the setup files, set the permissions to 555 when not in use, etc. You can do quite a bit, if you want. I've seen a few good guides - hell, there's a few people here who have done it enough that they can write you a guide in ten minutes and know which add-ons to use to secure it and which files to rename, all without opening a new tab.
(That's a hint, by the way. If, you know, someone's got some advice...)
"So long and thanks for all the fish."
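The comment above lists the file-level hardening steps (remove the setup files after install, set permissions to 555 when not in use, keep wp-config.php private). As an added example, not code from the post or from WordPress itself, here is a small audit-and-harden script for a document root. The paths in SETUP_FILES and the sample tree it builds are assumptions for the demo, not a statement about any particular Linux Mint server.

```python
import shutil
import stat
import tempfile
from pathlib import Path

# Installer leftovers that should not exist on a live site (assumed list for the demo).
SETUP_FILES = ("wp-admin/install.php", "wp-admin/setup-config.php")


def audit_docroot(docroot: str) -> list:
    """Return a list of findings: leftover setup files, world-writable paths, exposed config."""
    root = Path(docroot)
    findings = []
    for rel in SETUP_FILES:
        if (root / rel).exists():
            findings.append(f"setup file still present: {rel}")
    for path in root.rglob("*"):
        if path.is_symlink():
            continue
        # World-writable paths let any local user, or a compromised PHP process, plant a web shell.
        if path.stat().st_mode & stat.S_IWOTH:
            findings.append(f"world-writable: {path.relative_to(root)}")
    cfg = root / "wp-config.php"
    if cfg.exists() and cfg.stat().st_mode & stat.S_IROTH:
        findings.append("wp-config.php is readable by everyone (it holds the DB credentials)")
    return findings


def harden_docroot(docroot: str) -> None:
    """Apply the 'not in use' posture: delete setup files, 555 on dirs, 444 on files, 440 on config."""
    root = Path(docroot)
    # Unlink before locking the directories down: deleting needs write on the parent dir.
    for rel in SETUP_FILES:
        target = root / rel
        if target.exists():
            target.unlink()
    for path in root.rglob("*"):
        if path.is_symlink():
            continue
        path.chmod(0o555 if path.is_dir() else 0o444)
    cfg = root / "wp-config.php"
    if cfg.exists():
        cfg.chmod(0o440)  # owner and group (the web server's group) may read, nobody else


def make_sample_docroot() -> str:
    """Constructed, deliberately sloppy install in a temp dir (sample data, not a real site)."""
    root = Path(tempfile.mkdtemp(prefix="wp-audit-"))
    for d in ("wp-admin", "wp-content", "wp-content/uploads", "wp-includes"):
        (root / d).mkdir(parents=True)
        (root / d).chmod(0o755)
    for f in ("index.php", "wp-config.php", "wp-admin/install.php",
              "wp-admin/setup-config.php", "wp-includes/version.php"):
        (root / f).write_text("<?php // constructed placeholder\n")
        (root / f).chmod(0o644)
    (root / "wp-content/uploads").chmod(0o777)  # the classic "just make uploads work" mistake
    return str(root)


def remove_sample_docroot(docroot: str) -> None:
    """Make the hardened tree writable again and delete it (cleanup for the demo)."""
    root = Path(docroot)
    for path in root.rglob("*"):
        if not path.is_symlink():
            path.chmod(0o700 if path.is_dir() else 0o600)
    shutil.rmtree(root)


if __name__ == "__main__":
    d = make_sample_docroot()
    for finding in audit_docroot(d):
        print("BEFORE:", finding)
    harden_docroot(d)
    print("AFTER:", audit_docroot(d) or "no findings")
    remove_sample_docroot(d)
```

The 555/444 posture is exactly what the comment calls "when not in use": media uploads and in-dashboard plugin updates will fail until the relevant directories are made writable again, which is the point. Run the audit on a schedule so that a directory somebody "temporarily" opened up does not stay that way.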
No, WordPress is still insecure as shit on FreeBSD.
PHP is insecure by design. I don't mean by conscious design, but by design nonetheless. How can you stay on top of a language that is so inconsistent that it's laughable? The possibility of putting together insecure code without realizing it is very high with PHP.
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
No. Public keys exist to ensure only one person can decrypt what you are sending.
No, public keys also exist to verify private signatures. In all the years my public key has been out there, I've had it used for encryption maybe a handful of times (mostly for Debian voting verification), but it's been used for signature verification (mostly with Debian packages) more times than I can count.