Timeline Of Events: Linux Mint Website Hack That Distributed Malicious ISOs

An anonymous reader writes: The Linux Mint website was hacked last night and was pointing to malicious ISOs that contained an IRC bot known as TSUNAMI, used as part of an IRC DDoSing botnet. While the Linux Mint team says they were hacked via their WordPress site, security experts have discovered that their phpBB forum database was put up for sale on the Dark Web at around the same time of the hack. Also, it seems that after the Linux Mint team cleaned their website, the hackers reinfected it, which caused the developers to take it down altogether.

Re:WordPress ???

Ah, Drupal. Drupal is amazing, in that it's clear the developers looked at PHP, said "this is a horrible insecure language" and then decided "let's create a giant platform on top of it to try and fix up the flaws" rather than "let's look for a language that isn't terrible."

So now Drupal is its own language and library onto itself, and PHP has evolved to fix many of the problems Drupal attempts to solve but Drupal is stuck with their own implementations.

The amount of code Drupal has to load to render a single webpage is hilarious and somewhat worrying. It's enough that Drupal has to have its own code caching system on top of Zend or whatever you use to try and get performance to reasonable levels.

Which is probably the only reason you hear about WordPress getting hacked more than Drupal. Drupal has an impressive list of CVEs, but most people who try and use Drupal end up saying "fuck this" and using WordPress instead, because it's possible to get WordPress running without driving yourself insane.

Re:STFU

[houstonbofh]

Name a better CMS.

Offline. There is no way to secure WordPress for any length of time, so use it as a static site generator and post that. (Or Drupal, or anything else) More security and less resources needed.

old-school

[lkcl]

y'know... there's a reason why debian sticks with old-school mailing lists and why the mirrors keep it as utterly simple as possible. but the other question is, were users verifying the md5/sha1 checksums on the ISO images? how would they do that (when usually they will be downloading a check-program from the same website)? would they *know* to verify the checksums?

Re:forum

[KGIII]

Probably not. You know they like Linux, you've got a known working (verified) email address, you've got a username, you might be able to make some sort of personal profile based on forum comments. You can check locations with IP addresses but that's not always a certainty. You can probably narrow down which is their preferred Mint. Depending on what they've said in public (and maybe in private) then there's some potential to assign that profile to a person. If they've used the email and/or username elsewhere, they can put some more data together.

It really depends on what they're willing to put into it for effort. $85 is pretty cheap but they're probably not selling it as an exclusive so others will be targeting the users. They'll probably be coming through the data. It's a relational database so they may even automate some of this away (I would) and then simply start running reports. They might even have a way to weigh the data and find the more prominent posters and "mash up" what data they've shared. They'll potentially have some of the site's maintainers, admins, and even the dev team interacting with each other via PM. They might have even been dumb enough to PM passwords to each other.

But no, really that's not much. Not as far as data spillage goes, it's not much at all.