The 'is my Mint safe?' thread (after Feb 20th 2016 hacks)

Chat about anything related to Linux Mint
User avatar
killer de bug
Level 14
Level 14
Posts: 5415
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by killer de bug » Sat Feb 27, 2016 3:52 pm

BigEasy wrote: What have to do WIndows users?
I guess the mileage may vary. At the end of the tutorial, you have already a distinction for Linux Mint users and for other Linux users.
So for windows users, I guess they have to experiment a little bit. :mrgreen:

Maybe someone who knows will create a new tutorial.
If it ain't broke, fix it until it is.

Farjohn
Level 1
Level 1
Posts: 6
Joined: Thu Dec 11, 2014 5:27 pm

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by Farjohn » Sat Feb 27, 2016 5:08 pm

Skaendo, Thank you for the post. I was beginning to suspect that, though not knowing why. Maybe a formatting issue when the disk is made bootable....

Skaendo

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by Skaendo » Sat Feb 27, 2016 5:29 pm

Farjohn wrote:Skaendo, Thank you for the post. I was beginning to suspect that, though not knowing why. Maybe a formatting issue when the disk is made bootable....
What did you use to burn your disc? Brasero?

If you have a Windows machine available, you might be able to make a good iso from your disc with ImgBurn. I have had good luck with that before. No guarantees though.

Farjohn
Level 1
Level 1
Posts: 6
Joined: Thu Dec 11, 2014 5:27 pm

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by Farjohn » Sat Feb 27, 2016 5:35 pm

Radish, I keep blowing up my replies, so I'll be brief. You were right; bad case for Documents. Running it again I was told "that's a directory, stupid!" or some such. Again, I should have known better. So on a whim I added a /*.* to the end of the path and got the hash code for the only text file in the directory. Interesting result. Thank you for your help, once again. I think I'm going to assume my install is good and forge ahead. Cheers!

Farjohn
Level 1
Level 1
Posts: 6
Joined: Thu Dec 11, 2014 5:27 pm

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by Farjohn » Sat Feb 27, 2016 5:42 pm

Skaendo, I "had" a Windows machine with Win7 and Win 10 installed but wiped them and did a clean install of 17.3. I'd had trouble making a bootable DVD using the Windows media utility, so I downloaded a freebie package that worked fine, though I looked at several and can't recall which one I used. You would likely recognize the name as it rang a bell with me, but damned if I can conjure it up right now. Oh well ... thanks again.

Skaendo

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by Skaendo » Sat Feb 27, 2016 6:31 pm

Farjohn wrote:Skaendo, I "had" a Windows machine with Win7 and Win 10 installed but wiped them and did a clean install of 17.3. I'd had trouble making a bootable DVD using the Windows media utility, so I downloaded a freebie package that worked fine, though I looked at several and can't recall which one I used. You would likely recognize the name as it rang a bell with me, but damned if I can conjure it up right now. Oh well ... thanks again.
Rufus? If so you will never get a good checksum from that disc.
Win32 Disk Imager? You might have a chance.

Anyways there are other ways to check for the recent malicious file. I cant remember what it's called or where it's at but it might be in the OP.

*Here it is:
Boot to the live media....
Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO. You need to reformat you hard drive and re-install Mint in this case.

User avatar
Drygar
Level 2
Level 2
Posts: 79
Joined: Sat Feb 14, 2015 5:52 pm

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by Drygar » Sun Feb 28, 2016 2:20 am

Icarus149 wrote:I wish the mint representatives also comment on what is currently written on the Debian-Forums regarding this issue and the security concept of Mint in general. This really unsettles me at the moment and I'm seriously considering to dump Mint and move to a different distro...
The problem that happened is not about the security concept and the security of LM OS. This was about the forum, the web site, the servers.

LM OS security&updates have been commented before, just use the search (e.g. Google search or whatever) and look at old forum posts. With LM by default the user decides which kernel to use, how often to update it, when to install updates, which updates. On Ubuntu or U-flavors , by default all available updates are "pushed" and pre-selected to the user including the new kernel versions. Personally, I don't like updating the kernel several times a month for non-security issues or too-low-risk issues.
Fan of XFCE, MATE, Linux Mint, RedHat, ecryptFS, FSF
Open source enthusiast
No security - No freedom
LM 17.2

His name is Linux >> https://www.youtube.com/watch?v=sOtKZA9ri7M

Nap2
Level 1
Level 1
Posts: 3
Joined: Sat Oct 29, 2011 8:07 am

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by Nap2 » Sun Feb 28, 2016 3:45 am

BigEasy wrote:What have to do WIndows users?
http://www.slavasoft.com/hashcalc/
Image

User avatar
LinuxJim
Level 5
Level 5
Posts: 659
Joined: Tue Jan 26, 2016 8:01 pm
Location: Oregon, USA

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by LinuxJim » Sun Feb 28, 2016 4:49 am

Farjohn wrote:So on a whim I added a /*.* to the end of the path and got the hash code for the only text file in the directory. Interesting result.
The *.* wildcard pattern is peculiar to Windows (it came from DOS). Don't use that in Linux - it doesn't mean the same thing. In Windows, it matches all files. In Linux, it only matches files with a dot in the filename. The Linux eqivalent to *.* is simply * - hope that helps.

User avatar
killer de bug
Level 14
Level 14
Posts: 5415
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by killer de bug » Sun Feb 28, 2016 8:19 am

Drygar wrote: On Ubuntu or U-flavors , by default all available updates are "pushed" and pre-selected to the user including the new kernel versions. Personally, I don't like updating the kernel several times a month for non-security issues or too-low-risk issues.
What people don't generally understand is that installing an update to correct a local security issue (like typing 8 times esc to log in something) can create a new security issue. And this new one may be accessed remotely.

Patching is good. Patching blindly is not necessarily a good option.
If it ain't broke, fix it until it is.

lawnmower
Level 1
Level 1
Posts: 48
Joined: Wed May 21, 2014 4:03 pm

Re: The 'is my Mint safe?' thread (after Feb 20th 2016 hacks)

Post by lawnmower » Sun Feb 28, 2016 5:21 pm

As Steve Gibson said on Security Now 548, what is the point of posting the checksum on the same page as the download? It would be better if this was posted on another website therefore requiring an attacker to change data at two locations??? :?

User avatar
killer de bug
Level 14
Level 14
Posts: 5415
Joined: Tue Jul 08, 2008 1:49 pm
Location: Leuven, Belgium

Re: The 'is my Mint safe?' thread (after Feb 20th 2016 hacks)

Post by killer de bug » Sun Feb 28, 2016 5:26 pm

It's already the case. The sum is also posted on the blog.
If it ain't broke, fix it until it is.

User avatar
xenopeek
Level 24
Level 24
Posts: 24019
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by xenopeek » Mon Feb 29, 2016 2:56 am

And the MD5 checksum is available with the ISO on every download server, as is the GPG signed and thus verifiable SHA256 checksum.

I put up a tutorial on using the SHA256 checksum (including how to verify it originates from Linux Mint), which killer de bug linked to earlier in this topic: https://community.linuxmint.com/tutorial/view/2266
Image

User avatar
Radish
Level 4
Level 4
Posts: 316
Joined: Sun May 12, 2013 11:20 pm

Re: The 'is my Mint safe?' thread (after Feb 20th hacks)

Post by Radish » Mon Feb 29, 2016 11:41 am

Farjohn wrote:Radish, I keep blowing up my replies, so I'll be brief. You were right; bad case for Documents. Running it again I was told "that's a directory, stupid!" or some such. Again, I should have known better. So on a whim I added a /*.* to the end of the path and got the hash code for the only text file in the directory. Interesting result. Thank you for your help, once again. I think I'm going to assume my install is good and forge ahead. Cheers!
Farjohn, I just did a review of this thread and noticed that in your original post detailing the problems you were having that you said that you had created a directory titled "linuxmint-17.3-cinnamon-64bit.iso" with the file you wanted to check inside that directory. I had not read that properly when I made my response to your post. On that basis the correct command to use would have been:

Code: Select all

md5sum /home/sig/Documents/Mint-17.3/linuxmint-17.3-cinnamon-64bit.iso/linuxmint-17.3-cinnamon-64bit.iso
Note that, again, you can only use the "md5sum" and/or "sha256sum" commands to check the ISO file itself (not any of the content of the ISO as an 'archive'). Thus, the command given above would only work if you had the single FILE "linuxmint-17.3-cinnamon-64bit.iso" inside the DIRECTORY titled "linuxmint-17.3-cinnamon-64bit.iso". The md5/sha256 check is done only against the single file "linuxmint-17.3-cinnamon-64bit.iso"

Sorry for any confusion I was the root of. (I have, "Read posts more carefully!" branded on my brain now.)

P.S. I would strongly recommend trying Xenopeek's method of checking ISO files shown here: https://community.linuxmint.com/tutorial/view/2266 It has a major advantage over my method and is the one that I'll be using in the future. If you go through the instructions there step-by-step then it might become clear to you what it is that you are actually checking when you use MD5/SHA256 checksums.
Mint 17.3 x64 Cinnamon - Rosa
When stating what version of Mint you are using remember to include the "Edition". Is it "Cinnamon", "Mate", "KDE" or "XFCE"? This helps others help you.

fredimac
Level 1
Level 1
Posts: 6
Joined: Fri Apr 18, 2014 4:04 am

Re: The 'is my Mint safe?' thread (after Feb 20th 2016 hacks)

Post by fredimac » Tue Mar 01, 2016 2:30 am

Now I changed my password.

Are new iso images really save now?
Are you md5 hashes really save?
Are updates for older Linuxmint Cinnamon installations save?

I run Linuxmint Cinnamon 13 Maya LTS 64 Bit in VMware Fusion on an Mac, but not often.
With the the next new LTS release (Ubuntu Trasty follower) I will install them new and likely in Virtual Box.
I use Linux only for test an special tasks.

So I could read a crashed HFS+ partition, that could Mac OS X not repair.

PS: I would not spend money each year for an VM upgrade now and Virtual Box works now very good.
Some year ago Virtual Box was buggy, so I had migrate to Fusion.
--
greetings
Fred

User avatar
xenopeek
Level 24
Level 24
Posts: 24019
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: The 'is my Mint safe?' thread (after Feb 20th 2016 hacks)

Post by xenopeek » Tue Mar 01, 2016 3:03 am

fredimac wrote:Are new iso images really save now?
They have always been safe. What wasn't safe on February 20th was the download link on the website; that pointed to the server of the attacker where he had placed an infected ISO. The ISOs themselves on Linux Mint servers, mirrors, and torrents have been unaffected and are verifiable safe.
fredimac wrote:Are you md5 hashes really save?
Yes. Better yet, you've been able to use GPG signed SHA256 hashes since Linux Mint 17 so the ISOs can be verified to originate from Linux Mint. See https://community.linuxmint.com/tutorial/view/2266. Since Linux Mint 10 the SHA256 hashes have been available though before Linux Mint 17 not GPG signed.
fredimac wrote:Are updates for older Linuxmint Cinnamon installations save?
Yes. Updates are verified to originate from Linux Mint (or Ubuntu/Debian) before they are installed. Again with GPG signed SHA256 hashes.
Image

User avatar
The-Wizard
Level 12
Level 12
Posts: 4075
Joined: Fri Jan 28, 2011 3:12 pm
Location: Bedforshire, ENGLAND

Re: The 'is my Mint safe?' thread (after Feb 20th 2016 hacks)

Post by The-Wizard » Wed Mar 02, 2016 7:55 am

Just to put things in to some form of perspective on the overall situation, compare the estimated 145,000 possibly caught out by the Mint attack with the following list of top hacked sites...


Adobe logo 152,445,165 Adobe accounts
Ashley Madison logo 30,811,934 Ashley Madison accounts
000webhost logo 13,545,468 000webhost accounts
Gamigo logo 8,243,604 Gamigo accounts
Heroes of Newerth logo 8,089,103 Heroes of Newerth accounts
Nexus Mods logo 5,915,013 Nexus Mods accounts
VTech logo 4,833,678 VTech accounts
mail.ru Dump logo 4,821,262 mail.ru Dump accounts
Bitcoin Security Forum Gmail Dump logo 4,789,599 Bitcoin Security Forum Gmail Dump accounts
Snapchat logo 4,609,615 Snapchat accounts
Money Bookers logo 4,483,605 Money Bookers accounts
Adult Friend Finder logo 3,867,997 Adult Friend Finder accounts
The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place.

Habitual
Level 13
Level 13
Posts: 4870
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: The 'is my Mint safe?' thread (after Feb 20th 2016 hacks)

Post by Habitual » Wed Mar 02, 2016 11:57 am

More recent history:
Security breach on kernel.org

Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure.
says https://scalibq.wordpress.com/2011/09/0 ... -org-hack/

User avatar
rcentros
Level 3
Level 3
Posts: 101
Joined: Sun Jan 23, 2011 6:55 pm

Re: The 'is my Mint safe?' thread (after Feb 20th 2016 hacks)

Post by rcentros » Wed Mar 02, 2016 5:57 pm

To add my 2 cents worth ... I was very impressed by Linux Mint's reaction to this issue. Instead of stone-walling, the Linux Mint crew just shut down and cleaned up the issue. They probably took a big publicity hit but it was the right thing to do.(And, I'm guessing, most of the detractors are just jealous about Linux Mint's success anyhow.) Clem was 100% honest about the whole situation. This is the best possible reaction to an issue like this. I'm sorry we have morons like the hacker, but none of this has made me want to use Linux Mint any less. Thanks everyone on the Linux Mint crew. Great work.

User avatar
GreyGeek
Level 4
Level 4
Posts: 232
Joined: Thu Jan 14, 2016 11:01 pm
Location: Lincoln, NE

Re: The 'is my Mint safe?' thread (after Feb 20th 2016 hacks)

Post by GreyGeek » Wed Mar 02, 2016 9:23 pm

+1 rcentros

Post Reply

Return to “Chat about Linux Mint”