Lessons from the Linux Mint Hack

POSTED to Freedom Penguin, 3:43PM PST, Sunday — Unless you’re completely unplugged from the Linux news media, by now you’ve heard about the exploit that affected both the Linux Mint WordPress site and the Linux Mint 17.3 Cinnamon edition.

What you need to know:

  • Softpedia provides a solid account and breakdown of events. However, they did miss something…more on that later. If you’re into screenshots and the details of the event, check it out.
  • ISO torrents were not affected.
  • SSL wouldn’t have protected squat. Don’t misunderstand, it does protect against OTHER potential attacks, but the entry point of this attack was WordPress, so for this specific attack, Clem’s statement below is correct. However, offering anything for download without SSL in play is a special kind of dangerous. Let’s hope they keep the site offline until SSL is implemented.

nizzle Says:
February 21st, 2016 at 2:46 am
Doesn’t do much good to post hashes on a site that’s not served over TLS.
When will *.linuxmint.com go https only?
Edit by Clem: It's planned and I'm hoping it'll happen soon. Please note that this wouldn't have helped here though. You'd be served the exact same hacked information via HTTPS.
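
Clem's point, shown as an added example that is not part of the original post or the Linux Mint project's code: a checksum only proves the file matches whatever the hash page says, so a site whose content has been altered passes the check over HTTP or HTTPS alike, and only a hash from a second channel exposes the mismatch. The ISO bytes and channel names are constructed placeholders, and the second channel is assumed to be hosted independently of the website.

```python
import hashlib
import io


def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a file-like object in chunks so a multi-GB ISO never sits in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def check_against_channels(stream, published):
    """Compare a download with the SHA-256 listed by each channel.

    published maps a channel name to the hex digest that channel lists.
    Returns (verdict, matched_channels, differing_channels).
    """
    actual = sha256_stream(stream)
    matched = sorted(n for n, h in published.items() if h.strip().lower() == actual)
    differed = sorted(set(published) - set(matched))
    if not matched:
        verdict = "corrupt"      # agrees with no published hash
    elif differed:
        verdict = "conflict"     # channels disagree: stop and investigate
    elif len(matched) < 2:
        verdict = "unverified"   # the only witness is a single channel
    else:
        verdict = "ok"           # independent channels agree
    return verdict, matched, differed


# Constructed sample data: stand-ins for a genuine ISO and a modified one.
GENUINE_ISO = b"constructed stand-in for the genuine ISO image"
TAMPERED_ISO = GENUINE_ISO + b" plus unauthorized changes"

# A compromised site lists the hash of the file it links to (HTTP or HTTPS).
site_hash = hashlib.sha256(TAMPERED_ISO).hexdigest()
# Assumption: a hypothetical second channel hosted independently of the site.
independent_hash = hashlib.sha256(GENUINE_ISO).hexdigest()

if __name__ == "__main__":
    download = lambda: io.BytesIO(TAMPERED_ISO)
    print(check_against_channels(download(), {"website": site_hash}))
    print(check_against_channels(download(), {"website": site_hash, "mirror": independent_hash}))
```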