Re: [OT] ISO de Linux Mint comprometidas
El Tue, 23 Feb 2016 06:43:38 +0100, Javier Silva escribió:
(ese formato...)
> Hola,
>
> Como he visto que algunas de las personas de la lista han usado o usan
> Linux Mint, deben estar alerta, ya que este fin de semana han sido
> comprometida alguna ISO de este sistema:
>
> http://ostatic.com/blog/oh-no-linux-mint-hacked-isos-compromised
Interesante el vector de ataque:
"(...) The hacker said he was "just poking around" the Mint Website and
found a vulnerability in WordPress letting them in to obtain a database
dump and get shell access. He stole a dump back in January, but Saturday
unleashed his worst. It only took him a few hours to spin a new 17.3
Cinnamon ISO and begin the upload to a server in Bulgaria. After
uploading, he changed the checksums and set about propagating the images.
It was only an hour later Lefebvre took down the Mint sites according to
Whittaker."
Vamos, un agujero en WordPress. Esos CMS que hacen que las páginas sean
todas iguales los carga el demonio y los administran... hum, mejor me
callo O:-)
Saludos,
--
Camaleón
Reply to: