Linux Mint Website Hacked, Users Tricked Into Downloading ISOs with Backdoors

Discussion in 'all things UNIX' started by stapp, Feb 21, 2016.

Thread Status:
Not open for further replies.
  1. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yeah, we really needed that comment oliverjia.... Right.... ;)

    As usual, when some are losing an argument, they resort to name calling... Wow, what a surprise... :)

    I'd say it's the Ubuntu users posting in a Mint thread that are most likely the trolls...
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Sorry, I can't resist lol. I was always a little worried about Mint to be honest. I'm sure it works well for many people but I was always worried about their support and security. Which is why I stated earlier, I'd rather stick with the original. I know full well Ubuntu is based on Debian, but Canonical is a reputable company. I still know very little about Mint. Apart from their rather lacklustre approach to security.
     
  3. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Name calling? No, I only listed the facts, that some people keeping ignoring, and pretending it never happened. For this kind of people, there is a term for them: put their head in the sand. I simply asked such kind of "people" to take out their head out of the sand for a moment, and open their eyes to see what happened. Otherwise, these stupid ostriches will keep using their opinions as facts, and then even have the face to say others are losing an argument. Note: all you ostrich's arguments so far are your opinions (based on your personal, subjective impression) rather than facts. These opinions are not valid arguments. Only stupid people do this, and think they won an argument in their wet dream.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    We all know what happened at the Mint site, it's old news now, they've corrected the problem, learned from their mistakes, so it's time to move on. Those who like Mint will continue to download and use it, in fact, more than any other distro, even now. Let's move on.

    Let's face it, every post here is opinion, with very little fact. The only fact in this discussion has been that the Mint site got hacked. The fact that you and Daveski think Ubuntu is better is just opinion, nothing else. Stop trying to act like you both are the righteous truth bringers in this thread. You're not.

    Calling someone a troll is name calling, yes. You're the one slinging mud. Why? Because you're insecure and you think you're losing a debate.

    Can we all just relax here, grow up a little, and realize that each of us likes our own favorite distros without having to bash and denigrate the others?

    That would be fantastic! :)
     
  5. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    No, the fact is Mint has not learned their lessons after being hacked, not the fact that it was hacked. "you're insecure and you think you're losing a debate." LOL, I feel insecure? Are you serious? haha, we'll see who'll be insecure in a year or two. With the current security philosophy that the Mint devs believe, being hacked again is just a matter of time.
    Please, keep using Mint, and I will stick with Ubuntu.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    No problem there, that's fine. Millions of people will continue using Mint every day without worry or fear... they can't all be wrong, can they? :)
     
  7. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Win 10 is probably secure and professionally maintained. Almost certainly because MS invested zillions of dollars into its development. When it's finished it might be a bloody good operating system. I just don't want it until then.

    I only like it because, unlike Mint, it is secure and well maintained, and unlike Debian, I could buy it preinstalled on a compatible laptop. This is because Canonical invest time, money and effort to make this happen. AFAIK, Debian and Mint don't. Plus I've used it for years on and off.

    IIRC you started the ad hominem remarks. You did it earlier with somebody else and they called you on it. I'm not losing any argument. I've stated my case. You just can't accept it. Like I keep saying, Canonical are the only company AFAIK out of the three we are discussing that deliberately invest money to make sure their product is hardware compatible, well developed and secure. Debian might throw billions at their distro, but I couldn't find a laptop preinstalled and guaranteed to be compatible with it at the time. I don't know what Mint spend on their distro, but whatever it is, it obviously isn't enough.

    No I'm not wrong. I stated, quite clearly that technically it is superior for me which is a subjective statement based on my own observation and experience. I've never used Mint or Debian. I couldn't get a laptop preinstalled with either of them guaranteed by the OEM and distro to be compatible. I could with Ubuntu. That's why it's superior for me. I could do this because of Canonical's FINANCIAL INVESTMENT in ensuring that I can buy a Lenovo laptop preinstalled with Ubuntu that will be hardware compatible.

    Ubuntu is the best choice for me, for all of the reasons I have consistently stated. So, to me, it is superior in this respect. I'm not pretending anything. It's what I've subjectively experienced.

    For some reason, you can't accept this reasoning. I can't help you with that, sorry.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    @Daveski17 Ok, let's just agree to disagree then. I do use Ubuntu too, and like it a lot. But I don't feel that it's a better choice than Debian or Mint in any way or for any reason. All I can gather from your posts is that you like Ubuntu because you can buy it pre-installed on a pc or laptop, thus relieving you of the effort required to install something yourself, and that you believe Ubuntu is good since it's has had money put into it. I on the other hand don't mind installing any number of distros myself, and I don't think money thrown at something necessarily guarantees anything. I think that's the gist of it. I am not criticizing your choice of distros at all. I'm just disagreeing with some of your reasoning. That's all.. :)

    It's true, the Mint site issue is very bad, but hopefully a lesson was learned. Time will tell on that one.
     
  9. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    My whole point was that Ubuntu was a better choice for me because of the criteria I espoused above. I had installed and run Ubuntu before on a laptop and had hardware compatibility problems. This is a perennial problem with Linux.

    I needed a new laptop.

    I needed a new laptop with a decent operating system.

    I needed a new laptop that preferably had an operating system that was familiar to me.

    I needed a new laptop that was guaranteed to work properly and have as few software, hardware or compatibility problems as possible.

    I needed a new laptop that I could easily obtain in my country.

    I had six realistic choices:

    1/ A laptop preinstalled with Windows.

    2/ A MacBook.

    3/ A laptop with no OS preinstalled.

    4/ A laptop preinstalled with Ubuntu.

    5/ A laptop preinstalled with Windows and dual booted with Linux.

    6/ A laptop preinstalled with a Linux distro other than Ubuntu.

    I could have bought a laptop with Win 8, but I didn't want Win 8, especially as I knew Win 10 was coming. I considered a MacBook, even the £1500 (about $2200) price tag didn't particularly deter me, but at the time the many reports of MacBooks having hardware problems concerned me. Plus, I wanted to research more about the exact model of MacBook I wanted. So I looked at laptops sold without OS's, but nobody could guarantee compatibility. I already have a Win 7 desktop, so dual booting seemed a tad redundant to me. I couldn't find a laptop preinstalled solely with any other distro than Ubuntu.

    Which left me with a laptop preinstalled with Ubuntu.

    Laptops preinstalled with Ubuntu, especially Lenovo, are compatible because Canonical, unlike other distro distributors or companies, such as Mint or Debian, don't actually work with those OEM's to actually ensure that the software is secure and hardware compatible. This is because Canonical invest time and money with OEM's to make this a reality.

    So, the corollary I made from all this is that as Canonical are actually prepared to invest money, time, effort and work with OEM's, not unlike Microsoft does in many respects, that Ubuntu is the best choice that I could possibly make when I decide to buy a laptop.

    I think I have explained this as clearly as I can. But if you can find a cogent fault in my logic, I would appreciate you pointing it out to me.

    Interestingly, I could have bought a laptop dual booted with Win 7 and Mint. But the store/shop selling said that they couldn't guarantee that Mint was compatible with the machine in question but it should be OK because Ubuntu is guaranteed compatible to run on it and Mint is virtually Ubuntu (their words).

    That's because Ubuntu invest financially with OEM's to ensure hardware compatibility. Apparently though, Mint don't do this. The shop/store in question felt that they needed to point that out to me if I purchased the computer.

    I didn't know much about Mint and doubted their support and security arrangements and protocols. Which, considering recent events, I consider remarkably prescient.

    In the end, I bought a Lenovo preinstalled with Ubuntu. I still have it.

    I still believe it was the best choice.
     
  10. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Not everyone ;)

    Source?

    This just shows that just because a company is behind something, doesn't mean this something will be good. Companies can make terrible decisions too.

    Yes. Debian constitutes the vast majority of the base for most Debian-based distros.

    That's how sad some users are when their favorite ditro gets in a conversation while not remaining "the 8th wonder of the world".

    Could you describe the difference between one and another, and tell why Mint is a "Frakenbuild" while Ubuntu is not?

    I've used the Mint forums for years and never had this limitation.

    Please show us where we continuously denied the hack and failed approach to security on Mint's part.

    :thumb: Exactly correct. "Ubuntu is better" is just an opinion.

    Psychologically speaking, yes. Whenever someone is insecure about their own mindset, this someone will resort to "hurr durr troll" or whatever mental masturbation he/she finds fit.

    That's not possible when dealing with fanboys, no matter the distro in question :thumb:

    So that's clear as water then.

    There are numerous vendors who do that, even in 3rd-world countries like Brazil (where I live). "I couldn't find it" isn't an excuse; however hard you think you looked into the matter, you probably didn't look hard enough.

    And hardware compatibility shouldn't be a problem either. For example, it's hard to find a piece of hardware that needs proprietary firmware to work with Debian, and that shouldn't be an problem either because you can get Debian ISO's with all the proorietary firmware that Linux normall has on other distros like Ubuntu, openSUSE, Mint, etc.

    @Kerodo Daveski made it pretty clear that it's his opinion that Ubuntu is better. I think we can all leave it at that ;)

    ----------------------------------------------------------------------------

    Security isn't too good on Ubuntu either, it's not designed to be more secure than most distros. If the user wants security as the priority, either install Hardened Gentoo, Arch with linux-grsec, or Debian Sid with GRSecurity. Or compile GRSec's Kernel on Ubuntu/Debian Jessie.

    Maintenance isn't better on Ubuntu than most distros. Doesn't matter how much money canonical puts into their toy or how many thousands of developers it has; it still has more problems than Arch with 30 volunteer developers. In fact, even Debian Jessie is more buggy than Arch, probably because these distros' design is much more complex and thus prone to mistakes.
     
  11. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    You ostriches are sick. Totally blind. I'll post all the facts described in the below article for your to educate yourself, so that you don't have to embarrass yourself in front of the whole world. If you don't have the capacity to read and comprehend the facts described in the below article, then please STFU, don't bother me with your ignorance.

    http://www.techrepublic.com/article/why-the-linux-mint-hack-is-an-indicator-of-a-larger-problem/

    "The problem with security in Linux Mint
    The architectural design of Linux Mint inherits a great deal from its upstream sources Debian and Ubuntu (which is itself based upon Debian). Unfortunately, it lacks any sort of security advisories—Linux Mint evangelists insist that referring to the Ubuntu or Debian advisories is sufficient. Not every package in Linux Mint is available in Ubuntu or Debian, and this argument is further complicated by the fact that updates that work perfectly in Ubuntu or Debian are blacklisted by the Linux Mint team due to compatibility issues.

    Linux Mint has the somewhat peculiar design decision of not updating the kernel using the graphical update manager. Users must run apt-get dist-upgrade in a terminal in order to receive updates, when users of Ubuntu receive the same kernel updates automatically. This leaves users vulnerable to potential root exploits and hardware issues. Additionally, there is an issue with shifting release cadences—with version 17, the underlying base moved from standard releases to Long-Term Support (LTS) releases of Ubuntu. Consequently, the packages incorporated are older, on average, than in previous releases, and if blacklisted are both old and insecure.

    What exactly constitutes a 'Linux distribution?'
    Linux Mint, when considered as the sum of its parts, is the Cinnamon desktop environment (DE), mintTools (software installer, update manager, backup too, welcome screen, etc.) and GNOME extensions built on top of an LTS version of Ubuntu. The repositories contain packages compiled for Ubuntu, without modification or recompilation. As outlined above, security patches and updates that work perfectly in Debian and Ubuntu are blacklisted as needed to not break under Mint—the only differentiation Mint provides is Cinnamon, thereby breaking security so that it "just works."

    This is not a Linux distribution and this is completely backwards from the way things are supposed to work. The code produced and value added by the Linux Mint team is in Cinnamon, which is available as a default DE in properly designed distributions such as Debian, Fedora, and openSUSE—all of which have security advisories. The task of maintaining and securing it is not a trivial task, and it requires more infrastructure and resources than the Linux Mint team possesses. Creating a pseudo-fork of an existing distribution to showcase a DE, while blacklisting updates—some of which are security updates—because it interferes with the DE is staggeringly irresponsible and tantamount to security malpractice."
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yes, agreed... :)

    @Daveski17 Fair enough Mr Daveski17... ;)
     
  13. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I think I covered all the bases lol. ;)
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Haha, yes, you certainly did. :)
     
  15. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    :argh:

    What "facts" did you post about what constitutes a Linux distribution? NONE. That article is only the opinion of someone else whom you agree with. And his/her opinion is wrong, BTW. Mint, Ubuntu, Debian, all are Linux distributions:

    "A Linux distribution (often called a distro for short) is an operating system made from a software collection, which is based upon the Linux kernel and, often, a package management system".
    https://en.wikipedia.org/wiki/Linux_distribution

    "A Linux distribution is a collection of software applications built on top of the Linux kernel and operating system."
    https://www.linux.com/directory/Distributions

    "The term distribution refers to a complete GNU/Linux operating system. Commonly shortened to just "distro", a distribution includes the Linux kernel, hundreds of small GNU programs and tools, and usually a windows manager or three"
    http://www.what-is-what.com/what_is/linux_distribution.html

    "The Distributions

    This is the highest layer of the Linux operating system: the container for all of the aforementioned layers. A distribution's makers have decided which kernel, operating system tools, environments, and applications to include and ship to users.

    Distributions are maintained by private individuals and commercial entities. A distribution can be installed using a CD that contains distribution-specific software for initial system installation and configuration. For the users, most popular distributions offer mature application management systems that allow users to search, find, and install new applications with just a few clicks of the mouse
    ."
    http://www.linuxfoundation.org/what-is-linux

    If I pick the Linux Kernel and put some Debian software on top of it and make it work and publish it on a CD/ISO, that's a Linux distro. End of story.

    It's actually funny to see how mad you are right now; because even though I totally respected you in the 3 comments I directed towards you, it's quite obvious that you're just a fanboy who will personally attack anyone who disagrees, be it with the "troll" calling or the "please stop being stpid and shut the f up" part. That's laughable, and shows how long fanboys are willing to go just give themselves a pat on the back.

    Go ahead, pat yourself on the back now :argh:
     
  16. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    This was what I always feared about Mint. Although I didn't know the specifics beforehand of course. The trouble is, any criticism of Mint, especially by those of us who prefer Ubuntu, is seized on by the anti-Ubuntu trolls as a way of turning the argument around. It's Mint's own complacency regarding security that is responsible here. When Canonical commented on Mint's security failings before they were hacked it was considered sour grapes because Mint is the 'number one' distro and Ubuntu isn't anymore. Then Mint got pwned, badly.

    At the end of the day, Mint is a prettier Ubuntu without Unity for those who don't like the direction Shuttleworth has taken Canonical in. It's the trolls who can't admit that Mint exists off much of the work done by Canonical. It's irrelevant that Ubuntu has a Debian base. I understand why Mint exists, I have nothing against it, but it isn't in the same league as Ubuntu when it comes to professionalism. Hopefully Mint have learned from all this.

    It won't stop the trolls labelling anyone who states this as Ubuntu fanboys though.
     
  17. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    The fact remains that Canonical was right about Mint's policies regarding security.
     
  18. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Me mad? Are you kidding me? LOL. No, I am not mad at all, I am just having a good feeling about my IQ after reading your posts. That's all.


     
  19. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Another pat on your back, huh ;)

    Go ahead, avoid showing us where we denied the hack or the misconfigured Mint's security; or how someone else thinks Mint isn't a distro. Gonna change the subject to what, next?
     
    Last edited: Mar 20, 2016
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Some of the concerns expressed over how "insecure" mint is are blown way out of proportion. This thread was spawned because the mint website was hacked, with subsequent tampering of the iso, not the O/S. Or is there news I'm somehow missing that thousands of mint users worldwide are being hacked due to poorly implemented security? BTW, Linus Torvalds, who strictly calls the shots on the Linux kernel's security, is not so concerned about its security as much as he is with its performance and reliability -http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/ ...just food for thought.
     
    Last edited: Mar 24, 2016
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    This is my take on it too, way overblown. The fact remains that there are Mint users all over the world who use it daily without concern or issues. Should we tell all the Mint users to panic now? :)

    I also doubt that any of the security and tech details mentioned above have any impact on the average home user. One has to ask, practically speaking, if it really matters at all or not.
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Agreed.
     
  23. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    If there were serious security issues with the distro itself, there would have been all kinds of reports of compromised Mint systems floating around long before the server hack. The critiques I've seen of the distro's security that I've seen in this thread and elsewhere are largely theoretical and based on opinions of best security practices. There is very little anecdotal evidence that backs them up.

    If I were to assign a letter grade to the security of Mint, I would put it at a solid C, not great but not horrible either. In hardware and drivers and portability and flexibility, it gets an A+. To the average user, those are its attractive points, especially if they are coming from the plug and play world of Windows. Mint actually does plug and play better than Windows which is quite an achievement in coding. Security isn't everything, drivers and usability are important too.
     
  24. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    I couldn't have said any better. Thanks.
     
  25. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yep, that certainly sounds reasonable. Agreed.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.