XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access


  • Originally posted by LightBit View Post
    Yes, usually it is phishing. I'm personally not worried about Windows security at all. I actually hate the fact I can't really permanently disable Windows Defender.
    I would expect, if there is a backdoor, it would only be used for very important targets. When the Allies broke Enigma, they were careful not to reveal they know everything.
    did you know that Enigma was a "Toy" never used for anything serious...



    Schlüsselgerät 41 ("Cipher Machine 41") was the real version; it had a 170-bit cipher not cracked even today 2024...

    Phantom circuit Sequence Reducer Dyslexia



    • My fellow friends from Dragon Sector did a bit of initial analysis (not payload doing SSH exploit but extracted the binary post encryption/compression).




      • Originally posted by avis View Post

        I trust your word bro. It was surely because Windows contained backdoors or built-in malware. Oh wait back in the late 90s, early 00s, Windows 2000 didn't even have a built-in firewall, its CIFS stack was a gaping security hole and I myself breached Windows 2000 boxes left and right because the Internet was metered and our university couldn't afford downloading updates.

        You really try hard to sound smart but in the end what you're saying is just laughable and completely off the mark. I will go ahead and add you to my BL. Too tired of rampant mythology here on Phoronix. Would love to talk to people who operate with the real world where Linux users have just got fucked over by the actual backdoor, not live in the imaginary one.

        There are plenty of other Phoronix users living in the same fantasy world of Windows having backdoors, so I'm sure you'll have an interesting discussion.
        Where have I once claimed that Windows has built-in backdoors or built-in malware? The context was that you have never seen a compromised Windows machine, while I have seen many hundreds if not thousands (I did after all work once at a Windows only shop where we had several thousand Windows servers). Yes, those Windows 2000 machines were compromised from 0-days, never claimed otherwise.

        Perhaps you should start to separate in your head which comment and who you are arguing with instead of treating everyone as being from the same person. At least that would make you look less of an ass here.



        • Originally posted by avis View Post

          RedHat and Debian have delivered malware to my box. I do not care one bit what the relationship between these entities is. As a user I deal with a complete OS. XZ is not some obscure PPA or COPR distributed by some random John Shmoe. XZ is a core part of the respective distributions. You cannot even install Fedora or Debian without xz-lib. It's contained on the respective distribution ISO images. It's even used in the initramfs. With that, how on earth they are not distributing XZ? How on earth are they exempt from the responsibility of delivering secure and safe software?

          Oops, sorry, never mind, I have you BL'ed, I just haven't updated the page yet and I've seen and am replying to your absolutely ridiculous, preposterous and asinine comment.
          So you changed goal posts again, first giants like Apple, Google and Microsoft would never ever under any circumstance do anything wrong. Then it suddenly only counted if it were their own holy code and now it has to be installed by default to count (funnily enough you completely ignored the Visual Studio .Net with a virus on it that fit all 3 of your goal posts so I guess shift number 4 is to play the "I don't hear you" card). And you have the stomach to call my post "ridiculous, preposterous and asinine", projecting much?



          • Originally posted by qarium View Post
            Microsoft Defender Antivirus detects a trojan with the name "Trojan: Win32 / Malgent!; MSR" this is a lie this trojan NEVER existed microsoft abused its power to actively deny access and remove legitimate software from their customers/users computers

            Surprise surprise "Trojan: Win32 / Malgent! ; MSR" is W10Privacy what is a 100% Legitimate software to protect your privacy
            This is false (but the outcome is true), there is no trojan with that name because that is not what Defender is saying. Malgent! is simply Defender's name for "generic trojan" and MSR means that it identified it not by matching a hash on a piece of code but with heuristics (aka W10Privacy is doing something that also trojans tend to do so the "AI" of Defender gives a false positive here). W10Privacy is not alone in triggering this, there is lots of other software that triggers this specific warning so no, they did not include this to kill the W10Privacy application.



            • Originally posted by LightBit View Post

              Maybe Microsoft doesn't even know it. It could be an act of any of many employees.
              Maybe.

              The difference is that companies like M$ have much more control over their employees and what they do. So the chance of that happening is much smaller.



              • Originally posted by F.Ultra View Post

                I've personally had to clean up over 200 instances of Windows installs being compromised with no other software installed than base Windows (this back in the Windows 2000 days).
                But you forgot to add that not only the additional software was not there, but also the latest updates were not installed, because at that time there was not yet a fashion for continuous updating.

                You are using things from 25 years ago as arguments. Don't you have anything newer?





                • Originally posted by Weasel View Post
                  Every fiasco and scandal story starts with "trust".

                  Remember the NSA and Edward Snowden?

                  (........)
                  .
                  NSA, NSA, NSA....

                  If the NSA is so evil and powerful then probably most of the vulnerabilities in Linux and open source are their work????

                  They bribe programmers, work with companies and foundations that create open source, intimidate, and open source programmers intentionally make 'mistakes' that are vulnerabilities used by the NSA to get into Linux???

                  Could this be the case??? Think about it.



                  • Originally posted by HEL88 View Post
                    NSA, NSA, NSA....

                    If the NSA is so evil and powerful then probably most of the vulnerabilities in Linux and open source are their work????

                    They bribe programmers, work with companies and foundations that create open source, intimidate, and open source programmers intentionally make 'mistakes' that are vulnerabilities used by the NSA to get into Linux???

                    Could this be the case??? Think about it.
                    So?

                    I'm saying closed source has the same issues. Not that open source does not have.



                    • Originally posted by F.Ultra View Post
                      This is false (but the outcome is true), there is no trojan with that name because that is not what Defender is saying. Malgent! is simply Defender's name for "generic trojan" and MSR means that it identified it not by matching a hash on a piece of code but with heuristics (aka W10Privacy is doing something that also trojans tend to do so the "AI" of Defender gives a false positive here). W10Privacy is not alone in triggering this, there is lots of other software that triggers this specific warning so no, they did not include this to kill the W10Privacy application.
                      now include the true history and you will be surprised. because when w10privacy was released it caused no warning and people could use it without problem.

                      microsoft then started to go against w10privacy because it hurts their money income by disabling ads in the explorer and start menu.

                      first it was just a warning in the moment people installed it.. this warning then developed into a block and people can only bypass it by clicking on "more information" and then click on ignore the warning.

                      but this did also not stop enough users and the newest escalation to this is that the microsoft defender now gives a false positive and removes the installed w10privacy.exe from the hard drive and even if you disable windows defender this still happens and only if you go into the log of the windows defender you can click on action and then restore the file

                      but this is not all if you start it it gives another warning and if you start it as user it does not work no matter what option you set and of course you need to use it as administrator.

                      this is all a farce and shows that microsoft fights freedom and privacy with all measures.

                      microsoft windows is a scam
                      Phantom circuit Sequence Reducer Dyslexia
