[kwlug-disc] Linux Mint site hacked

B.S. bs27975 at yahoo.ca
Wed Feb 24 14:03:18 EST 2016


So ... growing pains. C'est la vie. Live and learn and hopefully grow.

Let's not beat up on those volunteering their best, and let's not blame them for the misbehaviour of nefarious actors.


> You're likely to find similar one-person shops for many other Free
> Software projects

And praise be for them - we're all certainly the richer for them.

And for the larger projects ... they came from the same place, and many have suffered the same growing pains.

Thank goodness for them all.

Would Cinnamon or Mate have the popularity they do today, without Mint? I think unlikely, or at least not so far so fast.


> SysAdmin is hard. SecAdmin is harder.


Not so sure of that. Or ... not supposed to be. Isn't that the point of auto-application of security updates? [And ... after breach ... cue SysAdmin.]

Never mind that for such sized projects, they're one and the same person, frequently.



Regardless of current events, kudos to Mint for doing what it has. Lots of others haven't had as much success, and good on them.



----- Original Message -----
> From: Bob Jonkman <bjonkman at sobac.com>
> To: KWLUG discussion <kwlug-disc at kwlug.org>
> Sent: Wednesday, February 24, 2016 12:44 PM
> Subject: Re: [kwlug-disc] Linux Mint site hacked
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> While "Peace", the hacker who compromised the Linux Mint site,
> provided evidence of the breach in January, there is no evidence
> that Clem or anyone else performing SysAdmin work on the site was
> aware of the breach until it was announced.  A tweet is hardly
> responsible disclosure.
> 
> You're likely to find similar one-person shops for many other Free
> Software projects: GnuPG, NTP, GNUsocial. None of those have the
> staff, money or other resources to conduct regular pentests or
> intrusion detection.
> 
> SysAdmin is hard. SecAdmin is harder.
> 
> - --Bob.
> 
> 
> On 2016-02-24 12:29 PM, Khalid Baheyeldin wrote:
>>  I am not questioning intentions. Good intentions on their own are
>>  not enough. And I am not commenting on skill or expertise.
>> 
>>  Specifically, the big issues that the incidents at hand uncovered
>>  are:
>> 
>>  - Being silent about a hack that copied user data for a month.
>>  - Not providing kernel updates
>>  - Not publishing CVE information
>> 
>>  This could all be oversight, but in the end it puts users in
>>  danger.
>> 
>>  The prudent action by any user is to find an alternative,
>>  regardless of what the details are.
>> 
>> 
>>  On Wed, Feb 24, 2016 at 12:20 PM, Bob Jonkman <bjonkman at sobac.com>
>>  wrote:
>> 
>>>  It's all well and good to say Free Software projects must be
>>>  managed to professional SysAdmin standards, but how many people
>>>  have contributed towards that goal? As far as I know, Clem is the
>>>  only person actively working on that project, and he openly
>>>  publishes the donations he receives: 
>>>  http://linuxmint.com/donors.php It looks substantial, but when
>>>  you subtract the costs of running the site there's not much left
>>>  over for food and shelter.
>>> 
>>>  --Bob.
>>> 
>>>  On February 24, 2016 12:06:14 PM EST, Khalid Baheyeldin
>>>  <kb at 2bits.com> wrote:
>>> 
>>>>  And the forum database was hacked and sold a full month before
>>>>  they announced they were hacked.
>>>> 
>>>>  Very disappointing to see a popular free software project
>>>>  being mismanaged that way, with no proper updates.
>>>> 
>>>> 
>>>> 
> http://news.softpedia.com/news/linux-mint-forum-database-compromised-for-at-least-a-month-before-announcement-500901.shtml
>>>> 
>>>> 
>>>> 
> - ------------------------------
>>>> 
>>>>  kwlug-disc mailing list kwlug-disc at kwlug.org 
>>>>  http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>>> 
>>>> 
>>> 
>>>  --
>>> 
>>>  Bob Jonkman <bjonkman at sobac.com> Phone: +1-519-635-9413
>>>  SOBAC Microcomputer Services http://sobac.com/sobac/
>>>  Software --- Office & Business Automation --- Consulting
>>>  GnuPG Fngrprnt: 04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
>> 
>> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: Ensure confidentiality, authenticity, non-repudiability
> 
> iEYEARECAAYFAlbN6/wACgkQuRKJsNLM5epNsgCg3KtmolqY2wRgypAdYaUHHfWC
> 4FIAoOI14aqB71PTDgNUXl91Kfo2vGEK
> =VCH3
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
