Hacker News new | ask | show | jobs
by nycticorax 3708 days ago
> They basically had no effort in their security,

This is clearly hyperbole. "no effort"? C'mon.

> no idea how long they were compromised, and couldnt even respond effectively.

The hacked .iso was up for less than 24 hrs, so that puts a hard limit on the worst part of the compromise. The forum issues they fixed in a couple of days. This seems like a reasonably effective response to me.

> I was a big fan of Mint usability who reluctantly had to ditch it.

Did you really have to ditch it? Or did you just decide to go with a distro that emphasizes security over convenience? (Which is, of course, a completely reasonable thing to do, but others may make other (also reasonable) choices.)
1 comments
nickpsecurity 3708 days ago
I recall my initial data on the situation was in link and comments here:

https://news.ycombinator.com/item?id=11142986

The hacker who's comment is number one should tell you what level of security they have going on.

link
nycticorax 3707 days ago
So... The ultimate source of the breach was an exceedingly weak password? OK, I guess that does seem like a rookie mistake, which is worrisome. Sorry for the naive questions, and I apologize for my confrontational tone. But I really had read most of the referenced articles about the Mint hack (not that last one you linked to), and it was still not obvious to me that this was (apparently) incontrovertible evidence of total incompetence on the part of the Mint devs.

Also, is ryanlol a well-known hacker or something? (I had never heard of him.)

link
nickpsecurity 3707 days ago
It's all good. We were both going on biased sources. That's why I waited for some kind of independent confirmation. ryanlol claims to be the Finnish hacker that hit hundreds of companies or whatever. Backs up the claim a bit by showing up with more "hands-on evidence" of his assessments as in Mint situation. ;) I wasn't sure if he was saying that was the source of the breach or that they weren't practicing even a checklist amount of security. In latter case, source could be anything. It didn't matter enough to evaluate further as it was clear they weren't systematically working on their security.

I went back to modifying Ubuntu for the Mint use-cases since they do combine usability and at least attempts on their security.

link