How to know if your Linux Mint is contaminated?

On February 20 the popular distro Linux Mint was hacked. The news was announced by the director of the distribution, Clement Lefebvre.

Basically, the hacker, who calls himself Peace, got in through a security flaw in the site, located in a WordPress plugin. Once inside, the hacker tampered with the download area, redirecting the download links for Linux Mint 17.3 64-bit with the Cinnamon desktop to a non-secure server.

The Linux Mint ISO downloaded from that server contains the Tsunami malware, which gives the hacker an intentional opening (a backdoor) to access the system maliciously. In this way the hacker can create a botnet, controlling the infected computers. Tsunami has been used on previous occasions for DDoS attacks.

It didn't take long for Linux Mint users to notice what had happened, and the necessary security measures were taken to stop the contaminated ISO images from spreading further.

Linux Mint 17.3 was also reported to be the only version affected.

The hackers are also known to have planned a 32-bit version of Linux Mint 17.3 with the Cinnamon desktop containing malicious code, but they failed to carry it out.

Linux Mint 17.3 Cinnamon Desktop… The affected version

It was confirmed that the hackers managed to extract users' personal data and forum data from the website on two occasions: the first time on January 28 and then on February 18. This data includes forum user names, an encrypted copy of each password, email addresses, personal information found in user profiles and any type of personal information that has been written in the forums.

The Linux Mint team has made the necessary corrections to its website. You can now download Linux Mint safely and free of threats through direct links or BitTorrent. Also, if your installation does not have security gaps, you can perform updates without any inconvenience.

The only way to have received a bad version was to download the 64-bit version of Linux Mint with the Cinnamon desktop through a mirror download link during the day on Saturday, February 20.

To make sure your Linux Mint ISO is safe, open a Linux console and run the command md5sum tuArchivo.iso, where tuArchivo.iso is the path and name of the file you downloaded.

The following is the list of the valid MD5s:

  • 6e7f7e03500747c6c3bfece2c9c8394f – Linuxmint-17.3-cinnamon-32bit.iso
  • e71a2aad8b58605e906dbea444dc4983 – Linuxmint-17.3-cinnamon-64bit.iso
  • 30fef1aa1134c5f3778c77c4417f7238 – Linuxmint-17.3-cinnamon-nocodecs-32bit.iso
  • 3406350a87c201cdca0927b1bc7c2ccd – Linuxmint-17.3-cinnamon-nocodecs-64bit.iso
  • df38af96e99726bb0a1ef3e5cd47563d – Linuxmint-17.3-cinnamon-oem-64bit.iso

If any character of the checksum you get is different, delete the file immediately, as it may be infected or damaged.

If you have the ISO image on a DVD or USB device but have not installed it yet, do the following: disconnect your computer from the Internet, then start a live session of Linux Mint. Once this is done, look for the file /var/lib/man.cy. If it is there, your ISO image is infected. In that case, get rid of the DVD or format your USB device.
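
The two checks described above (the MD5 comparison and the /var/lib/man.cy lookup), as an added example that is not part of the original article. The function names and the optional root-directory argument are assumptions made for illustration; the hashes and file names are the ones listed above.

```sh
#!/bin/sh
# Added example (not from the original article): check a downloaded ISO
# against the article's MD5 list and look for the /var/lib/man.cy marker.

# Valid sums and file names, copied from the list in the article.
VALID_MD5S='6e7f7e03500747c6c3bfece2c9c8394f Linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 Linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 Linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd Linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d Linuxmint-17.3-cinnamon-oem-64bit.iso'

# match_md5 HASH (hypothetical helper): print the listed file name for HASH
# and return 0; return 1 if HASH is malformed or not in the list.
match_md5() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Accept only a 32-character hexadecimal string.
    [ "${#want}" -eq 32 ] || return 1
    case "$want" in
        *[!0-9a-f]*) return 1 ;;
    esac
    # Concatenating "" forces a string comparison in awk, so a hash that
    # happens to look like a number is never compared numerically.
    printf '%s\n' "$VALID_MD5S" |
        awk -v h="$want" '($1 "") == (h "") { print $2; found = 1 } END { exit !found }'
}

# check_iso FILE: 0 if FILE's MD5 is in the list, 1 if not, 2 if unreadable.
check_iso() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    # Read via stdin so odd characters in the file name cannot alter the output.
    iso_sum=$(md5sum < "$1" | cut -d' ' -f1)
    if iso_name=$(match_md5 "$iso_sum"); then
        echo "OK: $1 matches $iso_name ($iso_sum)"
    else
        echo "MISMATCH: $1 has MD5 $iso_sum, which is not in the list; delete it" >&2
        return 1
    fi
}

# check_live_marker [ROOT]: run inside the live session with no argument.
# ROOT is an assumed convenience for inspecting a mounted filesystem instead.
# Returns 1 when the marker file named in the article is present.
check_live_marker() {
    marker_root=${1:-}
    if [ -e "$marker_root/var/lib/man.cy" ]; then
        echo "INFECTED: $marker_root/var/lib/man.cy exists" >&2
        return 1
    fi
    echo "No /var/lib/man.cy under ${marker_root:-/}"
}

# Usage: sh check_mint.sh path/to/file.iso   (script name is an assumption)
if [ "$#" -ge 1 ]; then
    check_iso "$1"
fi
```

A checksum match is only as trustworthy as the place the list came from, so take the list from a channel the attacker did not control rather than from the page that served the download.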

If unfortunately you are one of the many infected, take the following measures:

  • Disconnect your computer from the Internet.
  • Make a backup copy of your personal data.
  • Format the partition.
  • Install a fresh, clean copy of Mint.
  • Change the passwords for your websites that contain private information.
  • Restore your personal data.

The problem is not only that many users downloaded the contaminated ISO; the amount of information that was extracted about the different users is also worrying. One way to check whether your data has been stolen is to look it up on the HaveIBeenPwned website.

Users are most likely using the same password on different websites, which is why it is important to change your passwords on other websites where you have sensitive information.

The important thing is to keep YOUR information safe.


  1.   Chaparral said

    You write about the hackers in plural. How do you know that there was more than one? The iso image I have of LinuxMint Cinnamon dates from 6.12 past. Also, since before the day 20.2 I had not started LinuxMintDebian Rosa, since I have it installed on a somewhat old computer. Today I booted it up and it has been extensively updated. However, I will throw out the commands you recommend and see what the result is.

    1.    pedrini210 said

      It is unknown if it was a single hacker or a group. They just left the mark of Peace. However, the vulnerability is exploitable on different websites, there may be several hackers taking advantage of it.

      If you downloaded it in December you shouldn't have any problem, it never hurts to try ...

      If you are registered in the Mint forum, it is recommended that you take the aforementioned precautions.

      Regards

  2.   manuel said

    They were not hackers but cyber criminals, as Chema Alonso says very well

  3.   Paul kelsey said

    Here I do a good, serious and detailed analysis after using Linux and Windows for so long. Some people may agree and others may not, but that's what I think.

    GNU / Linux is very stable and secure, but for a home user, switching from Windows to GNU / Linux is a cold bucket on the back.

    In other words, a person who used Windows, who listened to their mp3s, watched movies, downloaded movies, played games, had their gamepad, webcam, wifi, video card, scanner, printer now must know what are proprietary drivers, proprietary drivers, commands (Terminal), legal terms about drivers and codecs?

    Not to mention printing: HP printers come with their drivers and utilities CD, to print high quality, only black ink cartridge, fast economic ... in Linux, the HP software comes in English and generally without those options, and prints too much strange.

    Besides leaving Microsoft Office behind, what is the best office software? And games, stop taking advantage of the powerful graphics card. Not to mention that there are many motherboards that do not have good drivers in linux?

    And I fall short, if I talk about multimedia and formats!

    Another thing, there are contradictions in GNU / Linux. On the one hand, there are those who support proprietary software and those who say that Linux is not totally free.

    And yes sir: LINUX FAILS, IT HAS ENOUGH ERRORS, sometimes when starting, other times in execution, other times unity or KDE or GNOME crashes, and also just like Windows, and the user's account is damaged! just the same! I say this from experience in canaima GNU / linux and educational canaima systems! Hundreds of damaged computers on the market, of children using canaimitas, with GNU / linux, fail too much.

    For those who do not know canaima, it is a project of the Venezuelan government, using GNU / linux.

    For example, UBUNTU is the most popular, however the defenders of GNU / Linux recommend not to use it, but to switch to distributions like Trisquel, which personally is another bucket of cold water: lacking drivers, especially for WIFI. And you have to switch to Trisquel to be "supposedly" free, when you lose freedom because you can't use your PC.

    Also, many things you cannot do using GUI (graphical user interface) having to resort to using commands, Terminal. Which I consider a backwardness, in the XXI century and even using consoles, as in the 80s? Please, now is the time to use the graphical interface: fewer commands and more graphical controls.

    For a Home user, I think GNU / linux lacks too much. Too technical and legal aspects. I see Linux very good as for the industry: programming, robotics, supercomputers, web servers, backup copies, Wi-Fi servers (which is used a lot), and things like that. Since the industries have to "get off the mule" by paying rights for the use of software, and how beautiful it is that with Linux they do not have to pay royalties or use rights: adapting them to their embedded or industrial systems.

    For example, Windows gives many errors in ATMs or automatic teller machines, Linux if it would be good there since those tellers are very heavy duty, and Windows is delicate for that kind of work. Linux is a 24 hour system, 365 days a year :)

    For a home user, a much simpler and more multimedia system is better, such as Windows.

    I am a computer repairman, and I recently installed linux on a client. A few days later he returned telling me that he did not like it, and to return to windows.

    Another thing, there are too many flavors and distributions, which after all make spending too much time lowering the isos, and there are things that some have and others do not.

    And well I have gotten very good software in linux, which I didn't even know using windows, like VLC, playitslowly, Stellarium (it doesn't work well in Windows), Gimp, and others.

    For me the most important thing is not the OS, but the programs that work there, which is useful. Windows without compatible software is rubbish!

    Personally, Linux is for the industry.

    And by the way, I write this article using Ubuntu, and google chrome (which by the way, not even google chrome appears in the store, I had to do tricks to install it)! I have it experimentally, and it costs to install it: hours and hours downloading the updates and downloading the proprietary drivers!

    1.    pedrini210 said

      The growth of Linux is iterative, as is almost all software.

      You are right to point out that Linux is for the industry and it is a fact that it dominates the world of servers and embedded systems.

      But that's not why you have to lose faith that it becomes user-friendly. I agree that it is not the most user friendly operating system. But if we analyze the development of graphical interfaces, in recent years incredible advances have been made.

      We can say that it is a matter of time for the experience in Linux to be comparable to that of Windows, so you should not give up and stop working for it at this time.

      Every day the drivers improve, we already have Steam on Linux, with a base of native games for Linux. We have the Steam Machines, consoles - low cost PCs for video games.

      We know that DirectX is very mature, very stable and super friendly for developers, but the graphics APIs for Linux have been improving a lot. Like, it's a matter of time.

      It should be noted that Microsoft is now releasing many of its private components ... This is an important indication, as large companies realize the benefit of releasing their software or components. The rapid growth of free communities and the stability it offers is excellent, proof of which is that almost all the tools in the Big Data world are Open Source, the Internet of Things is made possible by Open Hardware.

      So the Open world is as bad as you suggest? Or is it just a matter of work and effort?

      Remember that the Open Source philosophy can be summed up in a very pragmatic way in "Don't reinvent the wheel." Why invest time and human effort to solve a problem that someone else has already solved? Instead of solving the same problem over and over again, we can build on what has already been done and focus on new problems.

      1.    Xurxo said

        I agree with your answer. But it is logical, I knew computers from the hand of Unixware, many years ago.
        I cannot comment on Microsoft systems because I have never used them, apart from some StarOffice migrations that were initially installed on Windows OS in the first phase, in the second the Windows were replaced by Debian.

        I also want to thank you for the work you take to write your post on this blog. They are always interesting and always a pleasure to read.

        I suspect that the Spanish in which you write is from the other side of the Atlantic, because sometimes I find expressions that suggest an Ibero-American origin.
        In the writing of this post I have found some concordance errors that (I hope you don't mind) you could solve, if you have the time and desire.

        This paragraph of the post:

        «In case you have the ISO image on a DVD or USB device, but have not installed it yet, please do the following: Disconnect your computer from the Internet, then start a live Linux Mint session. Once this is done, find the following file /var/lib/man.cy. In case you see it, your ISO image is infected. In this case, get rid of the DVD or format your USB device ».

        It begins with a "have" which becomes a "you have"; it continues with a «disconnect», a «start», a «search» and ends with a «desaste» (which in Spanish would be a «undo») and a «format your device».
        That is, it begins by addressing the reader as "you" and ends with a "you." This in Spanish from Spain is a mistake. Either you address the reader as you (it is the most formal way) or you (it is the most informal way, the one used among young people who know each other).

        Written in Spanish from Spain and with the most formal treatment, it should look like this:

        «In case you have the ISO image on a DVD or USB device, but have not installed it yet, please do the following: Disconnect your computer from the Internet, then start a live Linux Mint session. Once this is done, find the following file /var/lib/man.cy. If found, your ISO image is infected. In this case, get rid of the DVD or format your USB device ».

        Best regards 🙂

    2.    oscar said

      VLC player reads what you throw at it, although to watch movies I prefer Kodi.
      Ms Office is neither better nor worse than Libreoffice or WPS Office for ordinary people.
      I have an HP MFP with which I print and scan without problems using Xsane.
      I just play with my camera and my design tools.

      In what I do give you the reason is that Linux also breaks like any system. But I think Linux is for whoever wants to use it. Anyone you teach Ubuntu or anything that doesn't look like "business as usual" gets scared. I believe that each one is free to decide and freedom is precisely being able to choose.

      After all my experience with Linux, which is rather little (I also came from Windows) I only have words of thanks and encouragement for those who participate in this impressive project and community. I admire all those hell people!

      Thanks for sharing your experience

    3.    Guille said

      I understand you, but it is a bad approach, it does not depend on whether the user is a domestic user, but whether their specific computer is well supported. As a user, before installing a specific GNU / Linux distribution you should do the following: 1.- Choose the appropriate desktop for your processor and yourself, if it is a basic, old processor, etc. You should use a light one like XFCE, Cinnamon,…, if you have a powerful computer use whatever you want but be careful, if it is powerful but it gets very hot you have made a bad purchase and you should use a light one so that it does not spoil soon due to overheating. 2.- Create a memory stick (pen-drive) with the distribution you prefer of a friendly type (Linux-Mint, Ubuntu, Canaima,…) and the desktop chosen in point 1. 3.- Start from the pen in mode LIVE and test all your hardware, including the printer, the scanner, connect your Wi-Fi, the microphone, the webcam, ... and if something doesn't work, if you don't have much idea just quit, stick with Windows and next time choose a computer with compatible hardware. If you have an idea you can update to the latest kernel to see if the hardware already works, otherwise, give up the idea or have a double boot to use windows when you require that hardware.

      That a certain hardware does not work is not the fault of linux, but of the manufacturer, in Windows it also happens, right now take a Sony Vaio SVF1521N1EW that came with W8.1, update to W10 and say goodbye to using the webcam, as you spoil something (I have seen the cortana search engine stop working) and the W10 system is reinstalled, you will see that the backlit keyboard is a nightmare to turn it off, Sony does not have the VAIO Control Center program available for Windows 10, etc.

      If you want Linux and you don't use games with a lot of graphic power, simply buy an Intel with an integrated Intel graphics card on the board, test that the wifi, webcam, etc. is compatible. and if it is ASUS try to return even the windows system (42 euros to the pocket): https://blog.desdelinux.net/devolucion-canon-windows/

    4.    Mario Domingues said

      Some good friend would like to have something like a Rolls-Royce, with the power of an F1, the look of a Lamborghini, and other washers like fancy disco-like sound and light play, and the like. You can get all that, and brag, but that costs a long ticket, and that luxury cannot be given by just any kid of a neighbor. Furthermore, whoever may have it will only be able to exhibit it to very few friends, and with enough security. No way to get out with him on any congested road in any congested city any day of the week. They crash it, steal it, look at it as a freak, etc. You can dream, and dream, but this type of dream seems more like a nightmare. That is being a masochist. Instead, I get myself a Mac Book Pro 2015, or newer, and avoid so much suffering. If I had an immense fascination with Windows, I would stay there, and good luck.
      A mortal user, of this world, who does not mind sharing and feels pleasure in using free, open source software, is welcome to enjoy it. The first thing is to forget about those blue windows that are pure mirage. Second, it is enough to take a couple of turns through some Linux distros to know the richness that exists, you just have to worry about learning a little bit of basic computing, the same as if you were going to use W. for the first time. The certainty that everything you can think of can be done with a GUI is pure appearance, neon lights. I prefer to know what goes underneath this framework. I feel like moving behind the curtain and, without being a genius, discover what's there, and what's going on there, and not let anyone put their fingers in my mouth outside. I come with this plan to discover this wonderful universe that is free software, Linux, and to start, Ubuntu is a great starting point, as friendly or more so than any proprietary software. I don't regret discovering it. And every day I want to learn more. To stop being ignorant, naive, trusting and dependent is to start being free, start growing, being autonomous, deciding oneself about one's own life and, to some extent, contributing something so that this world does not become a society of sheep. They need someone to push them, or pull them. Fortunately there are people who are not miserable and share their knowledge with others who may not have had the same opportunities to learn. Thanks to free software, the poor – we are the majority of the planet, and we cannot afford certain luxuries – can participate in these cultural assets that are information and communications technologies. And this blog 'Desdelinux' is an excellent company. We are very lucky in many ways: we are not alone, and it costs us nothing, or much less than what we would have to invest in other developments. And incredible satisfaction is achieved.

  4.   Olaf said

    My humble comment is that since I got to know the Linux world with all its variants (Ubuntu-Mint-Lubuntu etc) I am calm and it fulfills all my expectations which Windows does not (I feel like a slave). Therefore, the Hacker world keep making life impossible for those who do not want to share and who are selfish. This causes that we have to Patch and all its synonyms and be such computer criminals to get out of that slavery, something that no longer happens to me with the linux environment. In order not to get off the subject, I think that hackers work to show that Windows is really a fiasco and was born badly born (with bad milk). In my country we have a saying that when you Putean your ears burn in my case and my years of putting up with me I don't know what would burn BILL. Well, unfortunately for my work I have two or three applications (no more) that I can't solve with Linux but all the rest… ..so I keep an old win XP or WIN 7 already with what is coming I have a headache. I do not want to do personal catharsis but I add with this to Paul Kelsey (which I agree with his opinion) that the work that thousands of people are doing to make a Free OS we must not BOYCOTT IT.
    As at the beginning I humbly said a hug to all Olaf Albrecht
    projectsolaf.blogspot.com.ar

  5.   Mario zavala said

    This is excellent news not only because of what has happened but also because of the measures to be followed ...
    CHEERS !!!

  6.   Chaparral said

    I am a new home user. When I started in the computer world I did it with Windows XP, but when I discovered the world of free software I started in it and I do not regret it at all. Certainly at first you must learn basic rules if you want to use your machine and learn with interest, like everything in life. No one is going to give me anything that I have not previously earned. As long as free software exists, I will never buy a Windows computer. My printer, since I learned to configure it, has never failed me, although I must admit that there are distributions where this is somewhat impossible, but you have to be tolerant and try to understand the inconveniences that these things entail.

  7.   pedrini210 said

    Thanks @Xurxo!

    You are absolutely right, I am from the other side of the Atlantic as you say hehehe From Venezuela to be precise.

    I really appreciate your style corrections. I will take them into account for future posts!

    1.    Jack said

      from linux mint

      you go to the folder where the iso is
      right click on iso
      scroll to check MD5 option
      A text box will appear informing you of the MD5

  8.   Jack said

    you can do it in another way without going to the terminal: note that you must do it from the linux mint installed on your computer

    You go to the folder where the iso of the distro is located and you right click on the iso and go down to the option check MD5, wait a while and you get a dialog box showing you the same

    all this you can do from your installed linux mint

  9.   Javier said

    Thanks for the information to verify if we are infected or not. It tested negative.

  10.   ..what difference does it make.. said

    Hello, first of all thanks for sharing the information (I already saw it when it came out).

    Fortunately for my clients, friends and family I always installed the MATE version. And now that 16.04 is out, the Ubuntu MATE version is already out.

    For those who don't like the Gnu / Linux world, stop bothering and rather appreciate the effort (generously free) of the people who make it possible at all levels.

    I am a user of both OS depending on what I need at all times and personally I think that ABOVE ALL a home user should use a Gnu / Linux OS, because if everything works it will save a lot of headaches and portfolio (security and licenses), you can continue to use an old computer without having to update it.
    If you need to use some software or hardware that ONLY works with Windows and you don't have enough computer to virtualize for example a windows xp then personally I think you have no choice but to use Windows.

    With Windows (10), apart from a few hours to configure it decently to work well I use: Antivirus (Avast), Malwarebyte Anti-Malware, Keyscrambler, Clover, VLC, 7-Zip, Flash Player, Deep-Freeze, Acronis true image, Firefox, Classic shell, Ccleaner, Driver reviver, Handbrake, Kodi, Transmission-QT, WinCDEmu, Gadgets revived, Teamviewer, VNC, Airdroid, Skype, Dropbox, Jdownloader, MouseServer, Silverlight, WPS Office free and Virtualbox to use Gnu / Linux. XD

    I hope it has been a constructive and useful contribution for some.

    The good is shared!
    regards