Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Demolishun33804195dFucking hell.
This shit is only going to get worse as the shit actors are losing their grip. -
electrineer30468195dI can see it not getting caught if not for it causing performance issues to someone. Makes one wonder how many of these have gone unnoticed already.
One takeaway is that you shouldn't accept a binary file to your repo unless you can verify what it is. -
lorentz15090195dit would've probably been caught, just maybe not as quickly. They were rushing Fedora to include the patch so they knew they had limited time.
-
lorentz15090195darguably it was also only found because of a substantial mistake; in public-facing servers, failed auth is actually a hot path within sshd so performance regressions have a huge impact.
-
lorentz15090195dWith this hindsight, the next such attack will be optimized to hell to ensure that no one has a reason to poke around.
This is why my trust in updates is low.
https://en.wikipedia.org/wiki/...
Updates aren't always good. Sometimes, they might introduce problems and anti-features.
(Also, didn't whoever introduced this backdoor on a wildly popular component of Linux expect to be caught?!)
rant
xz utils backdoor