Archived Why the Linux Mint hack is an indicator of a larger problem (techrepublic.com)
submitted ago by Dopefish
Posted by: Dopefish
Posting time: 4.8 years ago on
Last edit time: never edited.
Archived on: 2/12/2017 1:51:00 AM
Views: 945
SCP: 23
29 upvotes, 6 downvotes (83% upvoted it)
Archived Why the Linux Mint hack is an indicator of a larger problem (techrepublic.com)
submitted ago by Dopefish
view the rest of the comments →
[–] Kookus 0 points 8 points 8 points (+8|-0) ago
Their site was a flawed design, from the ground-up. The methods used by the hacker never would have worked if they'd kept their WP installation up to date. But more than that, they were clearly running a combined front/back-end config, and they had no auditing to speak of. We know the former is true because the hacker was able to change page data as well as upload new ISOs, when the page data should have been isolated on a non-exposed DB back-end, and we know the latter because the hacker apparently first gained access to the site back in January, and any competent level of security auditing would have caught that and stopped this before it became a real problem.
All of this suggests inexperience in site administration; none of it points to any sort of fundamental failure of build philosophy or even a misunderstanding or misapplication of security within the distribution itself. The one has nothing to do with the other unless and until somebody can conclusively prove that the entire Mint OS runs on a poorly-configured WordPress install, set up by the same guy who configured their website.
An argument could be made that the presentation and follow-through suggest a culture that is perhaps not as focused on its public (and public-facing) image, but I think this past weekend will serve as a wake-up call to the people in charge of that aspect of the foundation.
[–] 4390189? 0 points 3 points 3 points (+3|-0) ago
Inexperience in site administration can also be a key to a flawed source code repository. When I update Mint then maybe I also pull in some compromised sources and packages.
I see it all the time, developers finding all sorts of excuses of delivering bad quality and projects that sucks. If Mint wants to be installed in home users computers that have no technical knowledge then it must up its quality. Simple users like my parents must trust the automatic update without need to read the change log.
The success of a product is not only the best tools but also the best PR and image it creates. I still see bugs in the Mint comments section (backtracks) that has a clear indication that they do not have it yet under control.
Interestingly, this hack can also be a big promotion for Mint since it now ends up in Google rankings and make people curious. If Mint can demonstrate that "Yes we sucked at the hack but here is how we are going to fix it" then it might actually get more popular.
[–] DownloadedYourCar ago (edited ago)
No, only the links, changed to point to different iso's hosted by the hackers elsewhere.