https://linux4all.dreamwidth.org/ Linux4All - Dreamwidth Studios Sun, 21 Feb 2016 11:32:51 GMT LiveJournal / Dreamwidth Studios linux4all community https://v2.dreamwidth.org/9667/26390 https://linux4all.dreamwidth.org/ 81 100 https://linux4all.dreamwidth.org/32202.html Sun, 21 Feb 2016 11:32:51 GMT https://linux4all.dreamwidth.org/32202.html Posted by: <span lj:user='moem' style='white-space: nowrap;' class='ljuser'><a href='https://moem.dreamwidth.org/profile'><img src='https://www.dreamwidth.org/img/silk/identity/user.png' alt='[personal profile] ' width='17' height='17' style='vertical-align: text-bottom; border: 0; padding-right: 1px;' /></a><a href='https://moem.dreamwidth.org/'><b>moem</b></a></span><br /><br /><em>Clement Lefebvre writes on the </em><a href="http://blog.linuxmint.com/?p=2994"><em>Linux Mint Blog</em></a><em>:<br /></em><br /><p>&quot;I&rsquo;m sorry I have to come with bad news.</p> <p>We were exposed to an intrusion today. It was brief and it shouldn&rsquo;t impact many people, but if it impacts you, it&rsquo;s very important you read the information below.</p> <p><strong>What happened?</strong></p> <p>Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.</p> <p><strong>Does this affect you?</strong></p> <p>As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.</p> <p>If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn&rsquo;t affect you either.</p> <p>Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.</p> <p><strong>How to check if your ISO is compromised?</strong></p> <p>If you still have the ISO file, check its MD5 signature with the command &ldquo;md5sum yourfile.iso&rdquo; (where yourfile.iso is the name of the ISO).</p> <p>The valid signatures are below:</p> <pre> 6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso 30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso 3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso </pre> <p>If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session.</p> <p>Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.</p> <p><strong>What to do if you are affected?</strong></p> <p>Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.</p> <p>If you installed this ISO on a computer:</p> <ul><li>Put the computer offline.</li><li>Backup your personal data, if any.</li><li>Reinstall the OS or format the partition.</li><li>Change your passwords for sensitive websites (for your email in particular).</li></ul> <p><strong>Is everything back to normal now?</strong></p> <p>Not yet. We took the server down while we&rsquo;re fixing the issue.</p> <p><strong>Who did that?</strong></p> <p>The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com.</p> <p>Both lead to Sofia, Bulgaria, and the name of 3 people over there. We don&rsquo;t know their roles in this, but if we ask for an investigation, this is where it will start.</p> <p>What we don&rsquo;t know is the motivation behind this attack. If more efforts are made to attack our project and if the goal is to hurt us, we&rsquo;ll get in touch with authorities and security firms to confront the people behind this.</p> <p>If you&rsquo;ve been affected by this, please do let us know.&quot;</p><br /><br /><br /><img src="https://www.dreamwidth.org/tools/commentcount?user=linux4all&ditemid=32202" width="30" height="12" alt="comment count unavailable" style="vertical-align: middle;"/> comments https://linux4all.dreamwidth.org/32202.html hacked backdoor news linux mint annoyed public moem 0