Linux

10208 readers

515 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

Postmortem of the Xubuntu.org download site compromise (lwn.net)

submitted 3 days ago by cm0002@toast.ooo to c/linux@programming.dev

2 comments fedilink hide all child comments

In mid-October, the Xubuntu download site was compromised and had directed users to a malicious zip file instead of the Torrent file that users expected. Elizabeth K. Joseph has published a postmortem of the incident, along with plans to avoid such a breach in the future:

To be perfectly clear: this only impacted our website, and the torrent links provided there.

If you downloaded or opened a file named "Xubuntu-Safe-Download.zip" from the Xubuntu downloads page during this period, you should assume it was malicious. We strongly recommend scanning your computer with a trusted antivirus or anti-malware solution and deleting the file immediately.

Nothing on cdimages.ubuntu.com or any of the other official Ubuntu repositories was impacted, and our mirrors remained safe as long as they were also mirroring from official resources.

None of the build systems, packages, or other components of Xubuntu itself were impacted.

top 2 comments

sorted by: hot top controversial new old

[–] stefenauris@pawb.social 5 points 3 days ago

Wordpress is a blight on the internet

[–] iii@mander.xyz 3 points 3 days ago* (last edited 3 days ago)

It was quite obvious indeed, as they also defaced the website. I switched to Linux Mint XFCE edition because of it :)