![]() ![]() The troubling trend of desktop showcase distributions Creating a pseudo-fork of an existing distribution to showcase a DE, while blacklisting updates–some of which are security updates–because it interferes with the DE is staggeringly irresponsible and tantamount to security malpractice. ![]() The task of maintaining and securing it is not a trivial task, and it requires more infrastructure and resources than the Linux Mint team possesses. #Linux mint codeThe code produced and value added by the Linux Mint team is in Cinnamon, which is available as a default DE in properly designed distributions such as Debian, Fedora, and openSUSE–all of which have security advisories. This is not a Linux distribution and this is completely backwards from the way things are supposed to work. As outlined above, security patches and updates that work perfectly in Debian and Ubuntu are blacklisted as needed to not break under Mint–the only differentiation Mint provides is Cinnamon, thereby breaking security so that it “just works.” The repositories contain packages compiled for Ubuntu, without modification or recompilation. #Linux mint updateLinux Mint, when considered as the sum of its parts, is the Cinnamon desktop environment (DE), mintTools (software installer, update manager, backup too, welcome screen, etc.) and GNOME extensions built on top of an LTS version of Ubuntu. What exactly constitutes a ‘Linux distribution?’ Consequently, the packages incorporated are older, on average, than in previous releases, and if blacklisted are both old and insecure. Additionally, there is an issue with shifting release cadences–with version 17, the underlying base moved from standard releases to Long-Term Support (LTS) releases of Ubuntu. ![]() This leaves users vulnerable to potential root exploits and hardware issues. Users must run apt-get dist-upgrade in a terminal in order to receive updates, when users of Ubuntu receive the same kernel updates automatically. Linux Mint has the somewhat peculiar design decision of not updating the kernel using the graphical update manager. ![]() Not every package in Linux Mint is available in Ubuntu or Debian, and this argument is further complicated by the fact that updates that work perfectly in Ubuntu or Debian are blacklisted by the Linux Mint team due to compatibility issues. Unfortunately, it lacks any sort of security advisories–Linux Mint evangelists insist that referring to the Ubuntu or Debian advisories is sufficient. The architectural design of Linux Mint inherits a great deal from its upstream sources Debian and Ubuntu (which is itself based upon Debian). While these attacks are regrettable, and part of an infrastructure problem rather than a problem with the distribution itself, it increasingly appears that the Linux Mint team, led by project leader Clement Lefebvre, is spread too thin when it comes to security. At the time of this writing, the forum remains down while the main Linux Mint website was reinstated and compromised again shortly thereafter. The user forum, which was powered by phpBB, used PHPass to hash passwords, which is possible to crack. The same hacker gained control of the Linux Mint user forum, grabbing copies of the entire database twice, copies of which are now for sale on a dark web marketplace for 0.197 bitcoin ($85) per download. Oracle Linux checklist: What to do after installation This Linux learning path will help you start using the OS like a proītop is a much-improved take on the Linux top command SEE: Has your Linux Mint desktop been backdoored? (ZDNet) #Linux mint downloadThe hacker replaced the download link for Linux Mint with one which contained a backdoor called Tsunami-an attack which put “several hundred” systems with a fresh installation of Linux Mint in the hacker’s control, according to an interview with ZDNet’s Zach Whittaker. On February 20th, a hacker working under the handle “Peace” took control of the website of Linux Mint, a popular Linux distribution derived from Ubuntu (and Debian) targeted toward non-technical users and power users unhappy with modern desktop environments like GNOME 3, KDE Plasma 5, and Unity 7. Security vulnerabilities at the Linux Mint project highlight substantial issues with the popular Linux distribution, and the difficulty of maintaining a Linux distribution as a hobbyist project. Why the Linux Mint hack is an indicator of a larger problem ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |