Open Source Adapted Bicycle Pedal Comes to the Rescue
Accessibility has always been important to designers of open source software. Now that open source has come to design, that's more true than ever, as demonstrated with this open source bicycle
Linux Action Show to End Eleven-Year Run at LFNW
Six more episodes before the popular Linux podcast, Linux Action Show, ends its nearly 11-year run in a live broadcast from LinuxFest Northwest.

Media



Jupiter Broadcasting's long-running
Dealing With Real-Life, Everyday Security Threats
No one has ever been shot by a hacker who was breaking into their computer through the Internet. Not so for thieves coming in through the back door.

Roblimo's Hideaway



I wrote a piece
Four Things a New Linux User Should Know
When you move from "that other operating system" to Linux, you're going to find that in most ways you'll be in familiar territory. However, that's not always the case. We sometimes do things a little differently
The Future of Desktop Ubuntu
With all the changes happening at Canonical, you might wonder what this means for the future of desktop Ubuntu, besides the return to the GNOME desktop.



There hasn't been this much news about a single Linux distro
Libreboot Reorganizes: Seeks to Make Amends
It appears the people developing Libreboot have done some of the hard work necessary to fix potentially toxic personal dynamics after last year's controversy, when the project removed itself from the
It's Windows Time in Linux Land Again
Using Windows. What a horrible thing to ask a Linux user to do.
February 21st, 2016

Linux Mint Hacked: ISO for 17.3 Cinnamon Edition Modified

An intrusion of the Linux Mint server on Saturday makes downloads performed on Saturday of version 17.3 Cinnamon potentially vulnerable.

Linux Mint project leader Clem Lefebvre revealed in a blog post today that the popular Linux distribution’s servers were hacked on Saturday. During the “brief” intrusion, the hackers modified the ISO of the Cinnamon edition of Linux Mint 17.3 (Rosa) and also gained access to the distro’s forum database. Only this particular ISO is affected; other editions or releases are considered safe. Only ISO’s downloaded Saturday are potentially vulnerable.

Linux Mint LogoThe modification installs a backdoor into the operating system and any installations made from the affected ISO will need to be replaced. This includes live versions on USB sticks or DVDs. However, not all copies of the ISO downloaded on Saturday are vulnerable. Users who downloaded are urged to check MD5 signatures to make certain the downloaded file is an unmodified version or to boot into the live version (or to the hard drive if the download has already been installed) while offline — Lefebvre suggests disabling the system’s router if in doubt — and look for the file /var/lib/man.cy. If this file is present, the download is infected.

To check the MD5 signatures on a saved copy of the ISO, open a terminal and run the following command using the file name of the downloaded ISO:

md5sum filename.iso

If the query returns the correct signature from the list below, the download is clean and not infected.

6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso

e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso

30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso

3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso

df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso

Any affected image burned to an external medium should not be used (i.e. DVDs should be thrown away and USB drives reformatted). If the affected download has already been installed on a computer, users will need to backup any personal data and reinstall the operating system from a clean download.

Lefebvre says that the Linux Mint forum database, which was also accessed during the intrusion, contained the following information:

  • Your forums username
  • An encrypted copy of your forums password
  • Your email address
  • Any personal information you might have put in your signature/profile/etc…
  • Any personal information you might written on the forums (including private topics and private messages)

Users of the forum are urged to change their passwords, as well as to change passwords on any website using the same password.

We’re currently in the midst of our 2016 Indiegogo fundraising drive. Your support is crucial. Won’t you please visit our fundraising page and make a contribution to support FOSS Force?

Comments are closed.