1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mint website hacked, check your .iso downloads

Discussion in 'General Linux Discussion' started by ThunderRd, Feb 21, 2016.

Comments

Discussion in 'General Linux Discussion' started by ThunderRd, Feb 21, 2016.

  1. cloasters
    Thank you very much for letting us know about this, ThunderRd. I'm glad that the Mint folks let everyone know in such a timely fashion!
  2. booman
    Yup, its definitely down. I wasn't downloading anything from their site right now anyways.
    The blog by Clem says there was a second attack as well
  3. allenskd
    Just got caught wind of the news was about to post it here. I got alerted through https://haveibeenpwned.com/ (created by Troy Hunt (this guy http://www.troyhunt.com/p/about.html ). Give it a shot, god knows which site has been compromised besides linuxmint one.

    Anyway, as far as I know the repositories hasn't been compromised else it would have been state-wide alert... (amusingly... I moved to OpenSUSE Leap 42.1 and have been enjoying it aplenty)
  4. Daniel~
    One can only wonder though what trick of the mind one comes to see Mint and/or her users as deserving of attack.
    I'm off to get the details...thanks for all the links!
  5. booman
    Exactly... what is the point hacking an open-source site? Its not like there is a lot of downloads every hour compared to a Windows site...
  6. allenskd
    Well... human error that is, people have these amazing ideas of using the same password they use on forums online in paypal and other banking-related sites. Given the linux is secure in many aspects... but oh boy a backdoored distribution I think my heart would skip a few beats if upstreams like Debian ever get hacked.

    Sadly... there's not much to it. Sites get hacked on a daily basis and they dump the data out there for the spammers to grab.
    booman likes this.
  7. Daniel~
    I'd love to hear from Aedan as to weather the big "Terror" bug a boo has changed the security habits of the corporate world?
    I see the next step in retail security as simply offering up a bit our data with every purchase":O}
    booman likes this.
  8. booman
    I work in "corporate world" and security has much-to-be-desired. We've been using the same admin password for many years. Even with turn-over we still don't change the admin password. So many people who left still know it.
  9. allenskd
    Haha, I know the feeling, booman. I used to work at a bank in the IT department. Some of the employees had their passwords taped in their keyboards behind all you needed to get in was at lunch time flip the keyboard and you are in... *shakes head*

    Sadly there are sooooo many people that are ignorant and naive about security and privacy. :(
  10. Gizmo
    Security is a cost-center, not a profit-center. As a consequence, corporations will only take security seriously when not having adequate security becomes more costly than having it.
  11. Daniel~
    You mean like after their dic-pics are plaster all over the internet?
    Oh! Wait!
    That would be our dic-pics wouldn't it...?
    (I'm still trying to catch on to the whole metaphor thing...sigh) ":O}
  12. Gizmo
    Yeah, funny thing about that; most of the folkss screaming about AshleyMaddison's security are the same folks busy NOT supporting proper security in their own organizations.
  13. cloasters
    Mighty good point there, Gizmo!
  14. Gizmo
    So, apparently we are worth somewhere between 25 and 40 cents. According this: http://www.theregister.co.uk/2016/03/17/bill_for_home_depot_data_theft/
    Home Depot lost 50m user records and it's going to cost them about $20m.
    Target lost 40m user records and it cost them about $10m.

    Home Depot made $1.5 Billion last QUARTER
    Target made $21.6 Billion last QUARTER

    Put another way, each of those customers gave Home Depot an average of $30 and in the same period of time, Home Depot gave them back 40 cents.

    Target did even better, an average of $540 to give back 25 cents.

    There's no financial incentive here for the companies to do better. Until that changes, they won't do significantly better.
  15. Daniel~
    And so long as it primarily the customers information they are putting at risk...where's the downside!? ":O{

Share This Page