Big Linux Backdoor

Comments

The irony was that the person who caught it works for Microsoft.

knmxgrjjhgt

No major distributions were hit, just unstable dev versions

LukePlaysGames

500ms delay might sound extremely pedantic, but Linux's main use is still servers, and on servers that's a lot.

alephcake

Debian stable wasn’t infiltrated, unstable was. So no damage for Debian users.
Debian tests packages for months before releasing them, that’s why this backdoor was even caught!

fmis

the fact you didn't say that it's just the beta/testing versions

parsa_poorsh

For clarification, the back door was introduced in February in version 5.6.0.
Affected users are software and distro testers for Debian, Fedora and Tumbleweed.
This is because Debian and Fedora packages take time to test and refine.
Hence most of the affected systems are just test systems and probably on virtual machines,
so it's fair to say we caught it in time.

As for the survivor bias theory, we will probably change how we pack software, going to compile straight from source instead of using tarballs.

The advantage of using Linux is we are always learning and improving without corporate intervention or govt pressure.

As

primefactors

> There are no known reports of those versions being incorporated into any production releases for major Linux distributions

yahi

At least you can verify the code on Linux, but I cannot say the same about other operating systems

vishnuviswanathan

The important thing is that it was open source and so we were able to find the problem quickly and disclose it immediately. And it only affected testing versions of certain distros that linked it dangerously. How many back doors has Windows had over the years that we still don't know about?

Barty.Crowell

This is very exaggerated. I thought you'd be better than this - none of the backdoored versions made it to production

iso_

I don't think survivor bias is applicable here.

With Windows and Apple it's more like North Korea where half of all plane crashes are totally top secret.

With Linux they're all in the open and often the plane crash is prevented before it takes off, as actually happened here.

LEJAOHAN

One key fact about the 500ms delay was taken out. The delay was due to a CPU utilization spike in a process that shouldn't have had one. The CPU spike caught the attention of the dev. The 500ms delay is an aftereffect of the weird CPU utilization.

tuut

I love how someone thought something was wrong with their computer for being 500 milliseconds late.

Yet here I am, waiting 2 minutes for my PC to load up.

TheHeavyDead

Mac has unfixable exploits. You can ransomware a Mac with one line of code and the security team at Apple said there is no way for them to fix it.

pauliewalnuts

It is a bit more complex than that. This attack is a new type of attack targeting the build time, not the source code itself. That survivor bias also works for other OSes: you know only what they tell. At least we are open and tell you what we know without hiding anything, for the sake of advancement in technology and security techniques.

ikhlasulkamal

The difference about knowing about the back doors you catch between companies and open source communities is that the communities will act immediately and anyone can catch it by inspecting the code, while a company may not say anything for months. Also MS has been embracing Linux a lot lately; they even released instructions on installing Linux on their learning site. So it's not a surprise an MS employee also uses Linux.

obibi

Just like in old DOS times. If a program loaded too slowly or the HDD activity was unusual, it was a good tip that the program was infected.

Mitsou

We can still say those things about Windows...

gustavo

The facts:

1: the affected builds (5.6.0 and 5.6.1) only made it into testing / unstable releases, a la Arch Linux, Debian sid, Fedora Rawhide, NixOS unstable, etc.

2: the backdoor had 3 requirements to reveal itself. You must've been building for x86_64-linux using glibc (iirc) and in a Debian or Fedora build environment

3: this happened through socially manipulating the original dev, goes to show how the least secure point of a computer is the person in between the keyboard and chair

rubiigen

Guy was worried about near-trivial lag. Meanwhile the search bar in my Windows 11 distribution hangs indefinitely half the time.

noxdraconis