
I'll just leave this here

    forums.linuxmint.com pwd
  /root/hacked_distros/mint/var/www/forums.linuxmint.com
    forums.linuxmint.com cat config.php
  <?php
  // phpBB 3.0.x auto-generated configuration file
  // Do not change anything in this file!
  $dbms = 'mysql';
  $dbhost = 'localhost';
  $dbport = '';
  $dbname = 'lms14';
  $dbuser = 'lms14';
  $dbpasswd = 'upMint';

Perhaps the insanely secure db credentials had something to do with the breach?

But what would I know.




I was waiting for you to show up on this one, especially how you called out Linode, etc. I figured you'd point out in detail just how behind the security curve they were. Haha.


Yo ryanlol, you made the press again except the pricks didn't mention your name:

http://news.softpedia.com/news/linux-mint-website-hack-a-tim...


I think calling softpedia "press" is an insult to every real journalist.

The fact that they're calling the bot "tsunami" just proves their incompetence. The bot isn't called tsunami, it's called kaiten and it's been open source for more than a decade.

https://packetstormsecurity.com/files/25575/kaiten.c.html

They also managed to confuse FTP and HTTP.

>the hackers have only altered the man.cy [https://gist.github.com/Oweoqi/31239851e5b84dbba894] file, where they've added a new function called tsunami.

Doesn't look like they just added a new function called tsunami to me.

>Selling the forum's database for a meager $85 is a sign of their lack of vision. The group seems to have mishandled the entire hack, opting to distribute a silly IRC DDoS bot instead of more dangerous and lucrative malware like Bitcoin miners or banking trojans.

Stupid speculation by writer.

Linux Mint remains compromised despite the current events. It's rather unlikely that kaiten is used as a DDoS bot instead of just a stager to execute shell commands on the affected computers. The presence of DoS commands is meaningless; the only reason kaiten is still used today is because it runs everywhere, so it seems fair to assume that that'd be why the attacker opted to just use it instead of writing their own. (No real benefit to that here.)

Also, bitcoin mining stopped being lucrative ages ago.

edit: >One person seems to have bought the hackers' files and dumped the forum's config file on Hacker News discussions thread.

I neither bought nor sold the data.


Lmao. Slam dunk. Except for insult to journalism: mainstream press has been quantity over quality for some time now. It's all shit minus the rare few that still practice the real thing.


>I neither bought nor sold the data.

Considering you're still on probation or whatever (I think?), is that really wise to say?


Might not hurt to post this in the comments section of the Mint blog.


If they used the same password on the forums and blog then they still have a problem. They need to be notified of this and change the password to a more secure one.

The config.php file should not be readable by an anonymous user, that is a security risk.


>The config.php file should not be readable by an anonymous user, that is a security risk.

Yes, usually unauthorized people having access to your server results in various security risks.


I took the liberty of posting the link to that comment in Linux Mint blog comments. Hopefully they review that soon.


You have an excellent point, but there's no reason to help attackers by giving them the credentials.


Indeed. Instead of `cat`, OP could've used `sha256sum` on the config.php to prove the authenticity of your report without exposing the site to even more attacks.
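The two defender-side points raised above (a phpBB config.php holding a trivially weak database password, and proving possession of the file with a hash rather than publishing its contents) as an added example, not code from the thread or from phpBB; the config sample, its values and the finding thresholds are constructed for illustration:

```python
import hashlib
import re
import stat

# Constructed sample in the phpBB 3.0.x config.php layout; every value is made up.
SAMPLE_CONFIG = """<?php
// phpBB 3.0.x auto-generated configuration file
$dbms = 'mysql';
$dbhost = 'localhost';
$dbport = '';
$dbname = 'forum';
$dbuser = 'forum';
$dbpasswd = 'upForum';
"""

# Matches the simple  $name = 'value';  assignments phpBB writes (single-quoted PHP strings).
ASSIGN_RE = re.compile(r"^\s*\$(\w+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*;", re.M)


def parse_phpbb_config(text):
    """Return {name: value} for the quoted assignments, unescaping \\' and \\\\ as PHP does."""
    return {m.group(1): m.group(2).replace("\\'", "'").replace("\\\\", "\\")
            for m in ASSIGN_RE.finditer(text)}


def password_findings(pw, context_words):
    """Flag a database password that is short, low-entropy, or derived from the site/db name."""
    findings = []
    if len(pw) < 16:
        findings.append("dbpasswd shorter than 16 characters")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        findings.append("dbpasswd uses fewer than 3 character classes")
    for w in dict.fromkeys(x.lower() for x in context_words if len(x) >= 3):
        if w in pw.lower():
            findings.append(f"dbpasswd contains the guessable fragment {w!r}")
    return findings


def audit_config(text, site_words=()):
    """Parse config.php and return (parsed values, list of weak-credential findings)."""
    cfg = parse_phpbb_config(text)
    words = list(site_words) + [cfg.get("dbname", ""), cfg.get("dbuser", "")]
    return cfg, password_findings(cfg.get("dbpasswd", ""), words)


def world_readable(mode):
    """True if an st_mode would let any local user read the file (S_IROTH set)."""
    return bool(mode & stat.S_IROTH)


def disclosure_digest(text):
    """SHA-256 of the file contents: enough to prove possession without publishing the secrets."""
    return hashlib.sha256(text.encode()).hexdigest()
```

Pair `world_readable(os.stat(path).st_mode)` with the audit on a real install; a config.php that is world-readable or carries a password built from the site name is what an operator should fix before, not after, a breach.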


But that wasn't the point; the point was to expose the level of stupidity at play here.

I strongly believe the users deserve to know just how incompetent these guys are, because next time it won't be some idiot swapping the iso links. It'll be someone slightly more competent that pushes a backdoored commit or gets into the apt repos, and then _every_ _single_ user will be affected...

Also, at the time of the posting the site was down. And it remains so.



