Linux Mint Website Hacked, Users Tricked Into Downloading ISOs with Backdoors

Discussion in 'all things UNIX' started by stapp, Feb 21, 2016.

Thread Status:
Not open for further replies.
  1. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    You are concerned enough to post about it here. Which Fedora have you used and which default desktop? Just curious.
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I've used Debian with Cinnamon for the past year or so and found it fine. Also installed Cinnamon on Ubuntu and it worked out fine also. I tend to stick with the Deb based distros as I've found them cleaner and less buggy that the others. I've been using Linux off and on now for almost 15 years... I like Mint with Cinnamon as well. I just don't have time to delve into all the details that's required for something like Arch etc. At the moment Mint suits my needs perfectly.
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I gave up Fedora long ago as I just found it too buggy and inconsistent... not interested anymore.
     
  4. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    I never used Fedora till a year or two ago. Seems pretty stable now anyway. One reason I was able to use it easily is they have a Cinnamon DE for it from scratch.

    I like Mint also. I do believe it wouldn't hurt them to offer more security out of the box at least as an option. There's a thread in their forums now where a user brings up Firejail - maybe someone from Wilders - as a security feature. Firejail is being installed by default (I believe) in a couple of distros now.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I should give Fedora a try again, maybe soon. It could be much better now, I'll have to check it out. I haven't used Firejail yet, but I have been reading the thread on it here at Wilders, it seems interesting. I guess my motto lately has just been to keep it simple.. :)
     
  6. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    ;)
    LOL, that's pretty much it. The main reason I use Linux is to benefit from its security and privacy features, so I may be very much focused on security other than anything else. Plus, I find Ubuntu LTS to be pretty consistent, easy to use and stable, so I basically have never used anything else before.
     
  7. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Security is a complicated thing, people mess it up sometimes. Even one of the most important security/privacy components on millions of web servers, OpenSSL, was not subject to a good security audit and that's why attackers were able to exploit it. In the past, Debian screwed up a crypto API so bad that some developers wanted the package maintainer out of the Debian project.

    Does this mean they deliver poor quality products or services? No. In fact, making mistakes is what makes us evolve. The evidence for this is on what Mint is doing after the attack with their ISO and Forums.

    Mint may have failed in a specifc area in the past, but that does not mean it's a bad distro.
     
  8. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    It certainly isn't a bad distro, with driver compatiblility where it excels, it really performs. I decided to give it a driver test. I still have the 16gb ssd with Mint that I installed on an i5 tablet convertible that had intel graphics built into the CPU and lots of drivers due to the rotating multi touch display. The only driver that was buggy for that machine was the screen rotation which was still partially functional.

    I took the disk and put it into an external USB case and booted my W520 with it. It booted almost instantly and found drivers for both graphic cards, the audio, wifi, quad core CPU, power and everything else I looked at. Mint works as a portable OS that can fit on a small USB drive and boot on a wide range of hardware. Pretty cool. Not all distros can do that. Windows by design can't and will never be a compact portable OS that can be booted easily on different hardware. I can take the same installation, copy it to a VHD image, and have a working VM in a few minutes.

    I'm really amused to be using Mint on a machine that I mostly use Ubuntu on, mostly because I didn't have to install it and it works about as well as the Ubuntu system which has been endlessly tweaked and messed with with numerous driver and update issues to sort out.
     
  9. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    They not learned anything, the passwords are increased to 10 chars (min) now but's useless in times of such gpu power we can get. In the Mint community you also can't set your own passwords, you can only request for it and and then you get it via email ... OMG! ....

    There are fundamental holes and logic failures which needs to be 'fixed' fist, this doesn't have much to do with the Distro, moreover with the people behind it and how they deal with it.

    https://www.reddit.com/r/linux/comments/46w0jb/linux_mint_forum_database_was_compromised_mint/
    http://blog.linuxmint.com/?p=2994
     
  10. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    741
    Location:
    United States
    I will admit that I have to tweak Fedora when I 1st install it with plugins. a couple of versions of gstreamer . then there is getting in sync with the dnf yum extender and I have an issue with SeLinux about using VPNs - OpenVPN has a conflict with SeLinux which I can work around but its a pain - I'm still trying for an easier work around.

    Firejail ends up messing my volume control up somehow so I've abandoned any efforts for that w/Fedora Mint doesn't have these issues but its my own personal preference to have some level of security and have people in the project who track CVEs etc
     
  11. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Agreed. Mint is not a real distro. It's a frankenbuild of Debian+Ubuntu. Many of the security packages are messed up and blocked in Mint from being installed. It's the biggest joke of Linux world.
     
  12. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Not sure i understand your pessimism toward mint.Couple of points.
    How is mint any different from any other ubuntu/debian based distro and how is mint not a "real" one.........?

    The reason that some security packages are not installed in mint is because it may cause instability on the system.However the choice to install these updates is clearly given in the mint update manager.

    Also according to distrowatch it is the number one distro....
     
  13. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    You asked the same questions before, I replied to your questions, but unfortunately it does not appear you read it. Read page 2-3. Specifically:

    https://www.wilderssecurity.com/thre...sos-with-backdoors.383981/page-3#post-2567884
     
  14. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    And it seems you forgot about mrkvonics reply in that same thread.You did not supply any solid reasons why mint should not be used or constitute a real distro.

    Please if you would for the benefit of all or potential linux users specify what is a real distro in your opinion and maybe even give some information on how to formulate and construct such a distro.
     
  15. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Sorry I don't babysit for people who can not read.
    Go ahead and stick with Mint.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Apparently a "real" distro is one that you have to struggle and torture yourself with to get things working. Since Mint works great out of the box in all regards, it can't be a real distro. ;)
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    :argh: :D ...good one!
     
  18. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Sorry, I and a lot of others disagree with you on this. I've pointed out that it excels in driver compatibility, stability and performance and beats many other distros in this, not to mention Windows in any form. Security is not its strongest area but it is far from horrible either. If its developers valued stability and performance over security, that is a choice they made and for what they intended, it worked out and they did a great job with it. I can think of very few OSes that have the kind of portability Mint has where I can move a full installation to completely different hardware and the OS boots without even blinking with all the drivers needed to work with either system. All of this in a 16gb disk with a 12gb system partition and 4gb swap partition. Not bad at all.
     
  19. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    The driver support is built into the Linux kernel. I don't think Mint provides any additional driver support. I installed Ubuntu LTS at many different computers and most of them works fine. So Ubuntu should, at least in theory, provides the same level of driver support as Mint. What excels in Mint is the additional codes it contained, that Ubuntu does not contain because of copy right and TOC restrictions. For me, these additional features that are provided by Mint can simply be installed a one command line in Ubuntu.
    So all in all, I would rather use Ubuntu any day over Mint, due to the additional security features that Ubuntu has.
     
  20. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Damn those guys who fix some of Ubuntu's problems! :mad::argh:

    "Mint just adds a few things": so does any other distro out there that isn't upsteam. Mint gets the vast majority of it's base from Ubuntu, and Ubuntu gets the vast majority of it's base from Debian. They both aren't real distros then, I guess.

    They're all good in some way, and they all suck in some way.
     
    Last edited: Mar 19, 2016
  21. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    I used Mint in the past as second Os in my pc. What i now wish to understand is: how much safe is to download Mint ISO today ?
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Even easier than that... you can tell Ubuntu to install all the 3rd party features at the beginning of the install by checking a little box.
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Just download the ISO and check it against the MD5 provided on the download page. If it matches, then you're good. That's how the problem was discovered originally, someone checked it and it didn't match.
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yeah, the nerve of those guys! :)
     
  25. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    IIRC it takes a few seconds to install the necessary codecs in Ubuntu on installation. As far as I'm concerned Mint is just a revamped Ubuntu without Unity. Which is fine if you like that sort of thing. The reason I have never ran Mint is that Canonical have a professional attitude and are security conscious. Plus they've invested in Ubuntu. Like I said before, why not get the original? The way I see it Canonical took Debian and did a lot with it. Mint didn't take such a professional approach with their product/Frankendistro. This entire Mint security breech can't be discussed on Wilders without attracting the attention of the anti-Ubuntu trolls anyway. And that is the subtext behind many of the conversations here. What happened to Mint was inevitable I think. I just want and need a reliable professional Linux distro. Ubuntu is that, Mint isn't that.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.