It has a better claim than Linux Mint and Elementary OS do for justifying the creation an entire, separate OS, though it lacks a dedicated security advisory system--hopefully, that will grow with the project as it matures.
Linux distributions as pet projects or showcases of a particular technology should not be advertised as stable, secure, production-ready operating systems. The multitude of Linux distributions that are functionally technical demonstrations, advertised as stable, and exist as a hobbyist project make the entire ecosystem look unprofessional. The attack against Mint is troubling due to the impression that it is the most popular Linux distribution based on websites that track clicks like Distrowatch.
The problem with this scenario is that the fault lies with practically everyone. Generally speaking, these were pushed to end-users well before they were ready for primetime, thereby driving users away. For a time, Linux Mint "just worked" in a way that other distributions struggled to do. Fortunately, reforms such as Fedora. Did you move to Linux Mint following the introduction of the new generation of development environments?
How important is security in your distribution selection? Share your thoughts in the comments. James Sanders is an analyst for Research. More about open source Log4j vulnerability: Why your hot take on it is wrong Open source year in review: Android in year in review: The highs and the lows Linux turns Celebrating the open source operating system free PDF.
Editor's Picks. The best programming languages to learn in Check for Log4j vulnerabilities with this simple-to-use script. TasksBoard is the kanban interface for Google Tasks you've been waiting for.
In the end of this check, you should see a random number. Match them against their respective versions using the table below:. If you have a live USB or disk still with you, load the live session and run the following command in a terminal:.
But if it finds the file, you have a compromised ISO. Get rid of the ISO. If you burnt it to DVD, trash the disc. At the time of writing this article, Linux Mint website is down. No downloads are available for now. Linux Mint team is backtracking the hackers and have found that the hacked ISOs are hosted on 5.
Both of these lead to Sofia, Bulgaria, and the name of 3 people over there. We need to wait and watch until the dust settles. This is a huge setback to the reputation of Linux Mint. But Linux Mint is not the first one to fall prey to the hackers.
A few years back, Ubuntu Forums was hacked and the all user credentials were stolen. In the cyber world, such attacks are not uncommon. I hope that Linux Mint takes control of the situation and focus more on the security of its websites and servers. Meanwhile, have you been impacted with the malicious backdoor?
What are your views on the entire Linux Mint hacking episode? One of the most attractive things about Mint is that it is free to sign up for and use. To be fair, Quicken offers much more sophisticated features for those with complex financial situations, but if you just need to track your budget and account balances, Mint works just fine. But how can Intuit offer Mint for free and still make enough money to maintain and protect the data? Simple, it works on an advertising model, where Mint analyzes your spending patterns and credit score, and then recommends credit card and other financial products to you.
When you click on one and sign up, Intuit gets paid a referral fee. In addition, Intuit collects large amounts of consumer data from Mint users, which it sells to corporate America. In other words, they only sell the data in aggregate to show big-picture trends and averages.
To really wrap our heads around the security of Mint. Essentially, these can be broken down into four basic questions:. First, they use bank-level encryption and security measures. Want to geek out on password hacking probabilities?
Within Mint, the data is even more secure, as they utilize one of the highest encryption levels out there, bit, to completely scramble your data and hide it from prying human eyes. Now, as great as these protections are, there is no way to completely eliminate the risk that someone might be able to hack into your Mint.
So, what happens if someone does get into your Mint. First, all they have access to is the data itself, not your bank credentials. Therefore, they would know how much you have in your checking account and how much you spend eating out, but could not actually move any money out of your account. In addition, account numbers, Social Security numbers, and other sensitive data are not available inside the Mint.
Further, within Mint there is no ability transfer funds or move money. For all these reasons, your Mint. This information is protected within a special division of Intuit called Customer Central, which handles the actual data aggregation part of the Mint service. The Customer Central servers are located in a separate, highly protected, datacenter within the Intuit corporation that holds the bank account credentials themselves in a bit encrypted database. In addition, these servers are not directly accessible by the internet , but are protected under layers of security software, checking and double-checking the identity of anyone requesting data from server.
In addition, they pay outside security firms and white-hat hackers to routinely test their systems for vulnerabilities, so that they can catch any holes and patch them before the hackers get in. Ok, so Mint has done seemingly everything it can do to protect account credentials. But even still, there is that risk, no matter how infinitesimally small, that a hacker could get in.
0コメント