|
||||||||
Linux Users general chat thread. |
![]() |
|
|
Thread Tools | Search this Thread |
|
|
#2326 |
|
Forum Member
Join Date: Sep 2008
Location: Sheffield
Posts: 4,234
|
Too late it seems. According to Have I Been Pwned? I most certainly have.
I can't remember what data I did input on their site. I often use the wrong birth date and other data, just in case something like this happens. But they at least have my email address... |
|
|
|
|
Please sign in or register to remove this advertisement.
|
|
|
#2327 |
|
Forum Member
Join Date: May 2004
Location: Storbritannia
Posts: 28,916
|
Apparently, the prize pillock responsible for the Linux Mint site hack goes under the name of 'Peace' and more info here: http://www.zdnet.com/article/hacker-...mint-backdoor/
From what I've read elsewhere, the cyber trace leads back to Bulgaria and Russia and the law enforcement authorities have been informed. Further info here: http://blog.linuxmint.com/?p=2994 |
|
|
|
|
|
#2328 |
|
Forum Member
Join Date: May 2009
Location: Devon
Posts: 12,837
|
Is the Lubyanka and its rubber truncheons still going?
|
|
|
|
|
|
#2329 |
|
Forum Member
Join Date: Mar 2006
Location: Scottish Borders
Posts: 11,989
|
Quote:
Too late it seems. According to Have I Been Pwned? I most certainly have.
I can't remember what data I did input on their site. I often use the wrong birth date and other data, just in case something like this happens. But they at least have my email address... But none of my email addresses have (according to that). And the only site on their list where I could have used that username is the Mint forum. ![]() Don't remember ever posting there, but I did sign up to the Ubuntu forum under this name, and I have posted there, so I probably signed up to the Mint forum round about the same time 2007/8. |
|
|
|
|
|
#2330 |
|
Forum Member
Join Date: Jan 2012
Posts: 5,100
|
This hacking proves Linux just isn't safe despite the hype about security.
|
|
|
|
|
|
#2331 |
|
Forum Member
Join Date: Oct 2005
Posts: 3,663
|
Quote:
This hacking proves Linux just isn't safe despite the hype about security.
|
|
|
|
|
|
#2332 |
|
Forum Member
Join Date: May 2004
Location: Storbritannia
Posts: 28,916
|
Quote:
This hacking proves Linux just isn't safe despite the hype about security.
Linux operating systems are still safer than Windows and OS X operating systems and there's a fairly good explanation here: http://www.pcworld.com/article/20245...n_windows.html To use an analogy, a Linux operating system is like Vista on steroids in terms of security. All I have is a firewall and that's it - I don't use antivirus or anti-malware packages. In addition, I have found that maintenance of Linux systems is far less time consuming than their Windows equivalents. |
|
|
|
|
|
#2333 |
|
Forum Member
Join Date: Jan 2012
Posts: 5,100
|
The Linux distribution channel has never been safe and is always open to infiltration like this. Who knows how many people have compromised Linux installations. I bet it's a big percentage of an admittedly tiny number of people using Linux.
|
|
|
|
|
|
#2334 |
|
Forum Member
Join Date: May 2004
Location: Storbritannia
Posts: 28,916
|
Quote:
The Linux distribution channel has never been safe and is always open to infiltration like this. Who knows how many people have compromised Linux installations. I bet it's a big percentage of an admittedly tiny number of people using Linux.
For example, the UK's GCHQ Communications-Electronics Security Group in Cheltenham conducted a comparison of the security of assorted widely used operating systems and guess which operating system came top in terms of inbuilt security? It was Ubuntu which is a Linux operating system. A summary and graphical table is here http://insights.ubuntu.com/wp-conten...rt-Summary.pdf and green represents safe and good, orange represents mild risks and red represents significant risks. |
|
|
|
|
|
#2335 |
|
Forum Member
Join Date: Jun 2006
Posts: 3,827
|
Quote:
The Linux distribution channel has never been safe and is always open to infiltration like this.
|
|
|
|
|
|
#2336 |
|
Forum Member
Join Date: Oct 2005
Posts: 3,663
|
Mints Back
yeah Clems back up and runninghttp://www.linuxmint.com/index.php You can resume downloads as well http://www.linuxmint.com/download.php Forums room is still being switched on. http://forums.linuxmint.com/ Should expect a news release soon ![]() Bet he's ready for a sleep. Would bet his security on his sites have been ramped up a few levels. Getting advice from the community/Debian/Ubuntu/RedHat. |
|
|
|
|
|
#2337 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,541
|
Quote:
What happened? Oh dear....Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.
|
|
|
|
|
|
#2338 |
|
Forum Member
Join Date: May 2004
Location: Storbritannia
Posts: 28,916
|
Quote:
yeah Clems back up and runninghttp://www.linuxmint.com/index.php You can resume downloads as well http://www.linuxmint.com/download.php Forums room is still being switched on. http://forums.linuxmint.com/ Should expect a news release soon ![]() Bet he's ready for a sleep. Would bet his security on his sites have been ramped up a few levels. Getting advice from the community/Debian/Ubuntu/RedHat. ![]() I think that this incident serves as a reminder that website integrity and security needs to be taken into account even if the websites concerned serve an altruistic, benevolent or charitable purpose. |
|
|
|
|
|
#2339 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,541
|
Certainly something to consider, that in Linux one of the main reasons why it doesn't have the security issues is partly because of it's unix design and underlying security. However we should also consider it's just code, and code doesn't care which brand, banner or name it is associated with, as we can see with the latest issues like glibc.
As well as that you also have to bear in mind the integrity of the distro, the repos, and the websites hosting the .iso mirrors. There's little point in Linux (or Mac users for that matter) thinking they are immune to security vulnerabilities or issues as they aren't. Whether that's through websites serving the distro, right through to the libraries in use etc. |
|
|
|
|
|
#2340 |
|
Forum Member
Join Date: Sep 2008
Location: Sheffield
Posts: 4,234
|
Quote:
Unlike the millions of pirated versions of Windows out there, which are bullet-proof, right?
I mean, I don't trust Microsoft a great deal, but I think I'd rather just pay for the OS than hand my soul over to Russian hackers. As for questions raised about the integrity of the distribution channel; this was spotted very quickly and dealt with immediately. How many people have unwittingly downloaded tampered-with Windows iso's from locations claiming to be legit, and very much looking the part? |
|
|
|
|
|
#2341 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,541
|
You're not comparing apples with apples and anecdotal speak of people downloading OS's from pirate sites has nothing to do with it, I'm sure there's lots of dodgy linux distro sites too. This is about malware iso's with back doors in being hosted on the official website for that major Linux distro, which is a wordpress site served over a non secure http connection.
|
|
|
|
|
|
#2342 |
|
Forum Member
Join Date: May 2004
Location: Storbritannia
Posts: 28,916
|
Last year, we got this surprise shock and today there is another one:
Microsoft has made SQL Server for Linux. Repeat, Microsoft has made SQL Server 2016 for Linux. Microsoft has ported its SQL Server software to Linux and has promised to release it in full by next year. Unlike the Gates and Balmer years (double ![]() ), it appears that Satya Nadella is adopting a far more pragmatic and rational "what works" policy and that is most welcome. That said, we are definitely not going to see a RedmondOS on Distrowatch soon if ever.
|
|
|
|
|
|
#2343 |
|
Forum Member
Join Date: May 2004
Location: Storbritannia
Posts: 28,916
|
...and things get even more weirdling:
Microsoft has crafted a switch OS on Debian Linux. Repeat, a switch OS on Debian Linux. Toolkit for wrangling networks released. ^^^ There is only so much of that news I can take before there's overload - it's as if this universe has suddenly become an alternative timeline universe overnight. In other news, GalliumOS is in development: https://galliumos.org/ https://wiki.galliumos.org/FAQ It is possible that even they might get a communication from Google's goons in the form of their Trademark Enforcement Team. |
|
|
|
|
|
#2344 |
|
Forum Member
Join Date: Sep 2008
Location: Sheffield
Posts: 4,234
|
Quote:
Too late it seems. According to Have I Been Pwned? I most certainly have.
I can't remember what data I did input on their site. I often use the wrong birth date and other data, just in case something like this happens. But they at least have my email address... Been following this story this week, and it's got me a little worried to upgrade this spring. Although I don't use the proprietary driver myself, it still seems like it might be tricky to use any driver for my AMD GPU this year in any new distro. May have to stick with this edition of Mint until a later date. Bit sad about that as I love the spring round of distros. Keeping an eye on it though. |
|
|
|
|
|
#2345 |
|
Forum Member
Join Date: May 2004
Location: Storbritannia
Posts: 28,916
|
Quote:
Lucky me, I did indeed only input my email, a unique password, and incorrect personal data, so this didn't cause me any noticeable issues thankfully.
Been following this story this week, and it's got me a little worried to upgrade this spring. Although I don't use the proprietary driver myself, it still seems like it might be tricky to use any driver for my AMD GPU this year in any new distro. May have to stick with this edition of Mint until a later date. Bit sad about that as I love the spring round of distros. Keeping an eye on it though. "AMD has been investing heavily toward their new Linux driver architecture that centers around the open-source AMDGPU kernel driver. That new driver stack is coming out later this year, but in the mean time it appears rather clear now that it doesn't look like AMD will be maintaining the current Catalyst / Radeon Software Linux driver stack until that time.Currently FGLRX doesn't even run X.Org Server 1.18, which just landed in Xenial and it doesn't look like it ever will." ...but that's not much use to those who are having to deal with legacy AMD hardware right now. Are any workarounds emerging from any forum discussions? |
|
|
|
|
|
#2346 |
|
Forum Member
Join Date: Oct 2005
Posts: 3,663
|
Quote:
The comment below was helpful...
[i]"AMD has been investing heavily toward their new Linux driver architecture that centers around the open-source AMDGPU kernel driver. ...but that's not much use to those who are having to deal with legacy AMD hardware right now. Are any workarounds emerging from any forum discussions? They have been saying that for years, still haven't improved. That's why i bought a NVidia card last year, way better support, i also load with a few simple clicks of the mouse, the NVidia drivers, that are also better than the Open Source ones. |
|
|
|
|
|
#2347 |
|
Forum Member
Join Date: Sep 2008
Location: Sheffield
Posts: 4,234
|
Quote:
...Are any workarounds emerging from any forum discussions?
![]() Quote:
That's why i bought a NVidia card last year, way better support, i also load with a few simple clicks of the mouse, the NVidia drivers, that are also better than the Open Source ones.
Luckily, they do have Windows install on their systems so not that big a deal for them if they have to go back. They don't want to, but they could if needs be. But myself, I really don't want to consider options like this until I am sure it is absolutely necessary. |
|
|
|
|
|
#2348 |
|
Forum Member
Join Date: Mar 2006
Location: Scottish Borders
Posts: 11,989
|
It's difficult for me to glean what is actually being suggested here?
(after reading the links )I've got 3 desktop PCs with oldish AMD graphics cards (X 300, HD 2600 Pro, HD 5450). I only ever use the inbuilt drivers on Linux. In fact I don't think I'm ever offered any proprietary drivers for these AMD cards. And I never have any problems with graphics, although I don't do any gaming on Linux. Is there some suggestion that the inbuilt graphics drivers are suddenly going to stop working or start not working as well as before? Or is it just the extra proprietary drivers that are going to be affected? Or is it a case of everyone waiting to see what's going to happen? |
|
|
|
|
|
#2349 |
|
Forum Member
Join Date: Sep 2008
Location: Sheffield
Posts: 4,234
|
Quote:
It's difficult for me to glean what is actually being suggested here?
(after reading the links )I've got 3 desktop PCs with oldish AMD graphics cards (X 300, HD 2600 Pro, HD 5450). I only ever use the inbuilt drivers on Linux. In fact I don't think I'm ever offered any proprietary drivers for these AMD cards. And I never have any problems with graphics, although I don't do any gaming on Linux. Is there some suggestion that the inbuilt graphics drivers are suddenly going to stop working or start not working as well as before? Or is it just the extra proprietary drivers that are going to be affected? Or is it a case of everyone waiting to see what's going to happen? But I dunno, like you I'm finding it difficult to follow exactly how we might be impacted here. There's a lot of conflicting info about an scare-mongering, which to be fair, my bullshit detector usually picks up on and engages my default "nothing to see here" mode. You might otherwise recognise this as being in denial. But this one does have me a little concerned. The company seems rather blasé about it on the Phoronix forum.I'm trying not to worry, and just see how we go. Regardless, next month I'll be installing Ubuntu 16.04 on spare partition, and I'll be reporting back.
|
|
|
|
|
|
#2350 |
|
Forum Member
Join Date: Mar 2006
Location: Scottish Borders
Posts: 11,989
|
Quote:
Yes, there's an implication that if you have an older card, then you will get an open driver that is some way behind what you might be used to.
But I dunno, like you I'm finding it difficult to follow exactly how we might be impacted here. There's a lot of conflicting info about an scare-mongering, which to be fair, my bullshit detector usually picks up on and engages my default "nothing to see here" mode. You might otherwise recognise this as being in denial. But this one does have me a little concerned. The company seems rather blasé about it on the Phoronix forum.I'm trying not to worry, and just see how we go. Regardless, next month I'll be installing Ubuntu 16.04 on spare partition, and I'll be reporting back. ![]() ![]() Yes, my Ubuntu is on 15.10, so is likely to be the one affected first, when I upgrade to 16.04. I've also got Mint 17.3 and Elementary OS Freya, both based on 14.04 (I think?), so doubt they'll be affected in the meantime. The Elementary is on a PC with Intel HD 2000 graphics anyway, so not relevant Also I've got Arch based Antergos Gnome, which is rolling release, so I guess that could be affected anytime? |
|
|
|
![]() |
|
All times are GMT. The time now is 21:37.





yeah Clems back up and running
)