No announcement yet.

XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access

  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by HEL88 View Post
    Do you trust your baker not to poison you? Do you constantly examine your bread before you eat it? How do you know it doesn't? Have you ever tested your baked goods? WHY DIDN'T YOU??? This is about your health and your family's health. Trust?
    Every fiasco and scandal story starts with "trust".

    Remember the NSA and Edward Snowden?

    God damn kid.

    Originally posted by HEL88 View Post
    Why would M$ put backdoors in Windows?????
    Why do criminals exist in this world?

    Originally posted by HEL88 View Post
    So that investors would lose billions after the scandal broke???? To lose trust in a brand they've been building for decades????

    Only Linux fans dream of backdoors in Windows. They wish there were. That's why they keep writing about them.​​
    Maybe because "Microsoft" is not a single fucking human but an entity where thousands or more work at.

    Let's go back to the NSA. Did the NSA intentionally leak and violated your """Trust"""? Yes or no? Snowden worked for the NSA after all. Oh, he was rogue you say? A criminal, you say?

    And how do you know that there's no criminal in Microsoft's entire task force? Do you?

    What a fucking joke.

    Stay naive lol.


    • Originally posted by HEL88 View Post

      Answer yourself why so many developers switched from Linux to macOS???? Because they're tired of fighting stupid bugs, unsuccessful updates. They want to work.​
      Oh you mean how, for instance, Apple broke many people's usb devices? Yeah, broken updates happen everywhere. Better luck next time with shitty trolling.


      • Originally posted by F.Ultra View Post

        I've personally had to cleanup over 200 instances of Windows installs being compromised with no other software installed than base Windows (this back in the Windows 2000 days).
        I trust your word bro. It was surely because Windows contained backdoors or built-in malware. Oh wait back in the late 90s, early 00s, Windows 2000 didn't even have a built-in firewall, its CIFS stack was a gaping security hole and I myself breached Windows 2000 boxes left and right because the Internet was metered and our university couldn't afford downloading updates.

        Your really try hard to sound smart but in the end what you're saying is just laughable and completely off the mark. I will go ahead and add you to my BL. Too tired of rampant mythology here on Phoronix. Would love to talk to people who operate with the real world where Linux users have just got fucked over by the actual backdoor, not live in the imaginary one.

        There are plenty of other Phoronix users living in the same fantasy world of Windows having backdoors, so I'm sure you'll have an interesting discussion.
        Last edited by avis; 30 March 2024, 04:25 PM.


        • Originally posted by LightBit View Post

          Yes, usually it is phishing. I'm personally not worried about Windows security at all. I actually hate the fact I can't really permanently disable Windows Defender.

          I would expect, if there is backdoor, it would only be used for very important targets. When Alies broke Enigma, they were careful not to reveal they know everything.
          Windows Defender is pretty easy to disable and I can tell you how. No hacking or random scripts from the internet are needed.

          I actually have it disabled because I only have Firefox and Steam installed in Windows, so I have nothing to worry about. And if I really need to run something from the web I run it though which I trust more than a single Microsoft AV (it's actually quite good but virustotal is just so enticing to use).


          • Originally posted by F.Ultra View Post

            and xz isn't Red Hat:s nor Debian:s software either, they simply signed some one elses code and distributed the result in their app store. But so it is exactly apples to apples, but since it doesn't follow your bias you refuse to acknowledge it and are now trying to invent all types of no true Scotsman.

            edit: btw one of the links where lost:
            This is MS accidentally distributing their own software Visual Studio .Net in Korea with the Nimda virus)
            RedHat and Debian have delivered malware to my box. I do not care one bit what the relationship between these entities is. As a user I deal with a complete OS. XZ is not some obscure PPA or COPR distributed by some random John Shmoe. XZ is a core part of the respective distributions. You cannot even install Fedora or Debian without xz-lib. It's contained on the respective distribution ISO images. It's even used in the initramfs. With that, how on earth they are not distributing XZ? How on earth are they exempt from the responsibility of delivering secure and safe software?

            Oops, sorry, never mind, I have you BL'ed, I just haven't updated the page yet and I've seen and replying to your absolutely ridiculous, preposterous and asinine comment.


            • Originally posted by novideo View Post
              Now that's terrifying
              I wouldn't say that, it seems that avis/biride genuinely has different values and viewpoints than we do. He is often aggressive, arrogant, and/or stubborn, but his posts seem to contain some intellect unlike sophisticles's. sophisticles is definitely a troll though.
              a troll would not like perform crimes on the phoronix forum like sophisticles do he places links here in the forum as honey pot trap to lure people like me on a webserver to then attack CVE in the firefox 119 browser and then use a CVE in the glibc to get root access and then perform a logofail attack on my and other peoples system.

              Sophisticles is not a Troll he is a dangerous criminal from radical left-wing Indymedia and Advanced Persistent Threat actors​ hacker group "Magnet Goblin" and Israeli Intelligence...

              they actively target people from the opensource/linux community here at the forum.

              i reported it multible times to [email protected] but he does not act.
              Phantom circuit Sequence Reducer Dyslexia


              • Originally posted by avis View Post
                I'm not on the Linux hype train that's why "I'm a troll". I also happen to enjoy gaming under Windows because Linux is not there yet and it's very unlikely it will ever be.
                Linux is absolutely safe and secure and thanks for the kind words. I have nothing else to say and I'm exhausted by the aggression of the people who have made Linux their religion.
                At least you are not involved in illegal activities like sophisticles
                Phantom circuit Sequence Reducer Dyslexia


                • Originally posted by PluMGMK View Post
                  I'm afraid it's a lot more sinister than that. This exploit code has been gradually introduced and refined in the repository over the course of at least a year.

                  The issue is that the SSHD builds on many distros link to libsystemd, which in turn links to liblzma. This can be exploited to get SSHD to run evil code that's been carefully hidden in liblzma…
                  Isn't that what apparmor is supposed to protect against?


                  • AppArmor can't do anything in this case. It can limit access to files required by executable, but it all depends on configuration. In this case code in executable is replaced by malicious code from library.


                    • Originally posted by avis View Post
                      I've now offered three people on these forums to hack my patched Windows 10 installation. Unfortunately no one has replied/agreed. Maybe I should offer a reward, I don't know.
                      Windows is choke full of backdoors made/enforced by NSA until people here cannot prove anything or even cite recent incidents of people getting hacked.
                      With literally tens of nations being the archenemies of the US why is it not happening? Why?
                      Myths, egregious lies, and conspiracies, that's why.
                      It is very easy to proof that Microsoft windows itself is the virus/trojan you do not need to install any virus or trojan into windows.

                      i can proof this to you by one single sentence then you see microsoft is a liar and they harm their customers and users.

                      to proof this to you read this:
                      Microsoft Defender Antivirus​ detects a trojan with the name "Trojan: Win32 / Malgent!; MSR" this is a lie this trojan NEVER existed microsoft abused its power to actively denie access and remove legitimate software from their customers/users computers

                      Surprise surprise "Trojan: Win32 / Malgent! ; MSR" is W10Privacy what is a 100% Legitimate software to protect your privacy
                      and MIcrosoft Defender Antivirus if you try to install it first will denie to install it if you reject this warning and do it anyway Microsoft Defender Antivirus will automatically delete the W10Privacy . exe from the c:\ programm files\ w10privacy folder. and only if you ignore the RED install warning and then after install manually tell the microsoft defender antivirus to restore the file only then you can start it.

                      this example shows you no one need to install a virus or trojan to windows and microsoft windows do not need to build in a backdoor becuase windows itself is the harmfull software who harms people.

                      just see my example about microsoft edge by default startup-boost is avtive this is the VIRUS if this is activiated it results in 5 microsoft edge instanced started if you start up your windows and this 5 instances will send files to your SSD to destroy your SSD with write cycles and it also upload what you do with your browser to microsoft and also it freshly download stuff from microsoft services. there is activity like this all the time even if you do nothing with your computer and even if windows 10/11 is freshly installed.

                      if you disable startup-boost in microsoft edge this mysterious and harmfull activity stops and tests show the startup time of the browser is the same and the startup time of websites are the same time means this function startup-boost gives you no advantage it only is harmfull.

                      W10Privacy also proof that if you watch all options and you activate all options you easily can discover that microsoft windows is the virus is the trojan and it sends all your data to microsoft. microsoft windows is a spy tool of the Bill Gates ADL's
                      Phantom circuit Sequence Reducer Dyslexia