From: Johnny
Newsgroups: alt.os.linux.mint,comp.os.linux.security
Subject: Re: 2/20/16 Linux Mint downloads compromised
Date: Sun, 21 Feb 2016 06:14:27 -0600
Organization: albasani.net
Message-ID: <20160221061427.6994565f@jspc>

On Sun, 21 Feb 2016 05:48:09 +0100
bleak_fire_ wrote:

> http://blog.linuxmint.com/?p=2994
>
> Quotes:
>
> "Beware of hacked ISOs if you downloaded Linux Mint on February 20th!"
>
> "We were exposed to an intrusion today. It was brief and it shouldn’t
> impact many people, but if it impacts you, it’s very important you
> read the information below."
>
> "Hackers made a modified Linux Mint ISO, with a backdoor in it, and
> managed to hack our website to point to it."
>
> "As far as we know, the only compromised edition was Linux Mint 17.3
> Cinnamon edition."
>
> "If you downloaded another release or another edition, this does not
> affect you. If you downloaded via torrents or via a direct HTTP link,
> this doesn’t affect you either."
>
> "Finally, the situation happened today, so it should only impact
> people who downloaded this edition on February 20th."
>
> "The hacked ISOs are hosted on 5.104.175.212 and the backdoor
> connects to absentvodka.com."
>
> "Both lead to Sofia, Bulgaria, and the name of 3 people over there.
> We don’t know their roles in this, but if we ask for an
> investigation, this is where it will start."
>

This would be a good time for Cinnamon users to try Douane Firewall.

https://github.com/Douane/Douane/wiki/Compilation