Re: [OT] ISO de Linux Mint comprometidas

To: debian-user-spanish@lists.debian.org
Subject: Re: [OT] ISO de Linux Mint comprometidas
From: Camaleón <noelamac@gmail.com>
Date: Tue, 23 Feb 2016 15:09:26 +0000 (UTC)
Message-id: <[🔎] pan.2016.02.23.15.09.26@gmail.com>
Reply-to: "A MI NO, ENVIA A LA LISTA" <noelamac+A_MI_NO_ENVIA_A_LA_LISTA@gmail.com>
References: <CAOg_h5afmjUHF82Vj=hvUYdAzgaBj200QvzWimQn1HQZ_80QFw@mail.gmail.com> <[🔎] CAOg_h5Y8uS7EXWq6_JaxstM1Xs2vPQJU7p-0xUHgeEWLWzODmw@mail.gmail.com>

El Tue, 23 Feb 2016 06:43:38 +0100, Javier Silva escribió:

(ese formato...)

> Hola,
> 
> Como he visto que algunas de las personas de la lista han usado o usan
> Linux Mint, deben estar alerta, ya que este fin de semana han sido
> comprometida alguna ISO de este sistema:
> 
> http://ostatic.com/blog/oh-no-linux-mint-hacked-isos-compromised

Interesante el vector de ataque:

"(...) The hacker said he was "just poking around" the Mint Website and 
found a vulnerability in WordPress letting them in to obtain a database 
dump and get shell access. He stole a dump back in January, but Saturday 
unleashed his worst. It only took him a few hours to spin a new 17.3 
Cinnamon ISO and begin the upload to a server in Bulgaria. After 
uploading, he changed the checksums and set about propagating the images. 
It was only an hour later Lefebvre took down the Mint sites according to 
Whittaker."

Vamos, un agujero en WordPress. Esos CMS que hacen que las páginas sean 
todas iguales los carga el demonio y los administran... hum, mejor me 
callo O:-)

Saludos,

-- 
Camaleón

Reply to:

References:
- [OT] ISO de Linux Mint comprometidas
  - From: Javier Silva <fjsilvam@gmail.com>

Prev by Date: Re: Obsolete packages: shutter
Next by Date: Re: [OT] Server Blade
Previous by thread: Re: [OT] ISO de Linux Mint comprometidas
Next by thread: Alternativa a SAGE
Index(es):
- Date
- Thread