Announcement

Collapse
No announcement yet.

XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by lateo View Post

    Well. Yes and no.



    TLDR; my understanding is that rawhide is already split from 40.

    But in any case, you're right, there's not such thing as F41 atm.
    You appear to be posting a correction but you are in fact 100% agreeing with me. I already noted that Fedora 40 has an update (it appears the package maintainer made some changes that accidentally broke the exploit but it would be wise to update anyway) and that there is no separate Fedora 41 update. I am not sure what confused you there.

    Comment


    • Originally posted by spicfoo View Post

      You appear to be posting a correction but you are in fact 100% agreeing with me. I already noted that Fedora 40 has an update (it appears the package maintainer made some changes that accidentally broke the exploit but it would be wise to update anyway) and that there is no separate Fedora 41 update. I am not sure what confused you there.
      Precision added so that agreement can be reached.
      41 doesn't exist, yet it's shadow is there in rawhide.
      Don't take offence, you can count it on me nitpicking

      Comment


      • I find it a bit ironic that this was discovered by Microsoft. The fact is, this was a malicious and intentional backdoor, and it sailed past all the vaunted Linux bureaucracy and its many eyes.

        This is an organizational issue. This was accomplished by social engineering, by another oss team that were bad actors. And now I’m supposed to continue trusting open source? And not trust Microsoft? Right.

        This definitely informs me that my recent decision to stop using linux (after 15 years) was the correct one.

        Comment


        • Originally posted by mSparks View Post

          yeah, being able to hire your own developers working on the entire product lifecycle gives you waaaay less control of the product lifecycle than relying on what bill gates wrote 30 years ago.

          ROFL.
          Linux, too, was written 30 years ago based on an architetcture from 60 years ago. In addition, it was done by a student. It must be safe and thoughtful LOL .

          Comment


          • Originally posted by F.Ultra View Post

            That's news to me, we hire several Linux developers (and I'm one of them) and none of us have any prior macOS experience.
            All my life I have not met a professional linux developer (only hobbyists).

            But I know that there is a company nearby where they develop embeded systems based on linux so I know where to meet them besides the forum .

            Comment


            • Originally posted by lateo View Post

              When you know the history of the product and the current Us laws, why wouldn't you be wary of it especially if you're not a US citizen/corp/gov ?
              When you know that linux dev were put under pressure to look somewhere else and let some shitty stuff go into the kernel, why wouldn't you assume that a billions dollars company wouldn't be subject to such pressures ?

              Your points are somewhat valid, but man... I don't do unicorns.
              Somewhat valid? And no examples again? Thanks for confirming the last sentence for the Nth time.

              In the meantime I don't understand why the "Windows is full of backdoors" mythology is so close to Linux fans. I guess with the amount of time you've wasted tinkering with Linux to get it to work, you need some internal justification. That'll work, right. Just try to be I don't know be honest with yourself, will you? I guess not.

              Comment


              • Originally posted by avis View Post

                By the same token you can make an argument that Google/Apple/MS distribute malware via their App Stores. No, that's not what I meant and if I didn't make myself clear at first, I'll make it clear now: I only meant software which is developed, distributed publicly and signed by these three companies.

                "Distributed publicly" is also quite important. I can imagine all three companies have security researchers/engineers who have written exploits/malware/viruses just for fun and for testing purposes.



                Here's the full story: https://grahamcluley.com/microsoft-stab-macro-viruses/ https://www.cnet.com/deals/the-88-be...ill-remaining/

                Not really malware, more like a stupid joke perhaps from someone who was heavily reprimanded. I'm still thankful you've unearthed it as I never knew about it. It was back from the time when the Internet wasn't yet a thing.

                Here we are talking about a freaking backdoor to access a system remotely.
                Then you should have said so in the first place instead of moving goalposts and generally acting like a troll.

                Comment


                • Originally posted by spicfoo View Post
                  You appear to be posting a correction but you are in fact 100% agreeing with me. I already noted that Fedora 40 has an update (it appears the package maintainer made some changes that accidentally broke the exploit but it would be wise to update anyway) and that there is no separate Fedora 41 update. I am not sure what confused you there.
                  looks like the key maintainers and developers of debian and fedora where informed in a sting operation and they did make sure the xz exploid does not land in a functional state.


                  Phantom circuit Sequence Reducer Dyslexia

                  Comment


                  • Originally posted by darkoverlordofdata View Post
                    I find it a bit ironic that this was discovered by Microsoft. The fact is, this was a malicious and intentional backdoor, and it sailed past all the vaunted Linux bureaucracy and its many eyes.
                    This is an organizational issue. This was accomplished by social engineering, by another oss team that were bad actors. And now I’m supposed to continue trusting open source? And not trust Microsoft? Right.
                    This definitely informs me that my recent decision to stop using linux (after 15 years) was the correct one.
                    yet another sock puppet of avis/birdie/sophisticles ?

                    it was not discovered by microsoft it was discovered by a person who also work for microsoft thats a big difference he does not represent microsoft.

                    "it sailed past all the vaunted Linux bureaucracy and its many eyes."

                    thats wrong it did not reach any stable or release of any major linux distro like ubuntu or fedora or debian... the only people who really where hit where the rolling release distros

                    but its not news that rolling release distros are really dangerous.

                    "This definitely informs me that my recent decision to stop using linux (after 15 years) was the correct one"



                    your psychological operation will not work here
                    Phantom circuit Sequence Reducer Dyslexia

                    Comment


                    • Originally posted by HEL88 View Post
                      All my life I have not met a professional linux developer (only hobbyists).
                      But I know that there is a company nearby where they develop embeded systems based on linux so I know where to meet them besides the forum .
                      first you claim you have never met a professional linux developer then you say the professional linux developers are nearby ...

                      well...
                      Phantom circuit Sequence Reducer Dyslexia

                      Comment

                      Working...
                      X