|FROM ||Ruben Safir
|SUBJECT ||Subject: [Hangout-NYLXS] Linux Mint security breach
|From hangout-bounces-at-nylxs.com Sun Feb 21 01:39:25 2016
Received: from www.mrbrklyn.com (www.mrbrklyn.com [126.96.36.199])
by mrbrklyn.com (Postfix) with ESMTP id 230A0163DA8;
Sun, 21 Feb 2016 01:39:11 -0500 (EST)
Received: from [10.0.0.19] (stat13.mrbrklyn.com [10.0.0.19])
by mrbrklyn.com (Postfix) with ESMTP id BF1201616C1
for ; Sun, 21 Feb 2016 00:49:59 -0500 (EST)
From: Ruben Safir
Date: Sun, 21 Feb 2016 00:49:59 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
Subject: [Hangout-NYLXS] Linux Mint security breach
Reply-To: NYLXS Discussions List
List-Id: NYLXS Discussions List
Content-Type: text/plain; charset="utf-8"
Linux Mint Website Hacked, Users Tricked Into Downloading ISOs with
Here's what you need to do if you've downloaded the ISO
Feb 21, 2016 02:05 GMT =C2=B7 By Marius Nestor
Just a few moments ago, Clement Lefebvre, leader of the Linux Mint
project, informes users of the popular, Ubuntu-based distribution that
the servers where the Linux Mint website is hosted have been hacked to
point the download links to specially crafted ISOs.
According to Mr. Lefebvre, it appears that a group of hackers created a
modified Linux Mint ISO, which included a backdoor. Then, they hacked
into the Linux Mint website and modified the download links to trick
users into downloading the malicious ISO image.
"I=E2=80=99m sorry I have to come with bad news. We were exposed to an intr=
today. It was brief and it shouldn=E2=80=99t impact many people, but if it
impacts you, it=E2=80=99s very important you read the information below," s=
Clement Lefebvre in the announcement.
It would appear that only the Linux Mint 17.3 Cinnamon edition has been
compromised at the moment of writing this article, and those of you who
downloaded these ISO images on February 20, 2016, need not to install
them on your computer, but delete them as soon as possible.
"Things are under control, for now"
Clement Lefebvre assures users that if they downloaded any other Linux
Mint edition from the website with the exception of the Cinnamon one,
they are safe, and they don't need to do anything at this point.
Again, only those who downloaded the Linux Mint Cinnamon ISOs on
February 20 are affected, and they need to delete those images from
their computers. Also, if you already managed to install Linux Mint on
your computer using the respective images, you need to re-download new
ISOs from the project's website and reinstall the OS.
"Wiping the drive and changing your passwords is also recommended!"
At the moment, it appears that the whole situation is under control, and
the modified download links now point to the correct ISO images for the
Linux Mint Cinnamon edition. More technical details about the hack can
be found on the Linux Mint blog, where Clement Lefebvre said that the
hacked ISOs where hosted on a Bulgarian server.
"Both lead to Sofia, Bulgaria, and the name of 3 people over there. We
don=E2=80=99t know their roles in this, but if we ask for an investigation,=
is where it will start," said the Linux Mint leader. "If more efforts
are made to attack our project and if the goal is to hurt us, we=E2=80=99ll=
in touch with authorities and security firms to confront the people
Mr. Lefebvre recommends users who are affected by the hack to disconnect
their computers from the Internet as soon as possible, wipe the disk
drive and change all of their passwords, especially those used for email
and other sensitive websites. If you were affected, please inform the
Linux Mint leaders immediately!
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
hangout mailing list