Originally posted by lateo
View Post
Announcement
Collapse
No announcement yet.
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
Collapse
X
-
-
Originally posted by spicfoo View Post
You appear to be posting a correction but you are in fact 100% agreeing with me. I already noted that Fedora 40 has an update (it appears the package maintainer made some changes that accidentally broke the exploit but it would be wise to update anyway) and that there is no separate Fedora 41 update. I am not sure what confused you there.
41 doesn't exist, yet it's shadow is there in rawhide.
Don't take offence, you can count it on me nitpicking
Comment
-
I find it a bit ironic that this was discovered by Microsoft. The fact is, this was a malicious and intentional backdoor, and it sailed past all the vaunted Linux bureaucracy and its many eyes.
This is an organizational issue. This was accomplished by social engineering, by another oss team that were bad actors. And now Iām supposed to continue trusting open source? And not trust Microsoft? Right.
This definitely informs me that my recent decision to stop using linux (after 15 years) was the correct one.
ā
- Likes 1
Comment
-
Originally posted by mSparks View Post
yeah, being able to hire your own developers working on the entire product lifecycle gives you waaaay less control of the product lifecycle than relying on what bill gates wrote 30 years ago.
ROFL.
Comment
-
Originally posted by F.Ultra View Post
That's news to me, we hire several Linux developers (and I'm one of them) and none of us have any prior macOS experience.
But I know that there is a company nearby where they develop embeded systems based on linux so I know where to meet them besides the forum .
ā
ā
Comment
-
Originally posted by lateo View Post
When you know the history of the product and the current Us laws, why wouldn't you be wary of it especially if you're not a US citizen/corp/gov ?
When you know that linux dev were put under pressure to look somewhere else and let some shitty stuff go into the kernel, why wouldn't you assume that a billions dollars company wouldn't be subject to such pressures ?
Your points are somewhat valid, but man... I don't do unicorns.
In the meantime I don't understand why the "Windows is full of backdoors" mythology is so close to Linux fans. I guess with the amount of time you've wasted tinkering with Linux to get it to work, you need some internal justification. That'll work, right. Just try to be I don't know be honest with yourself, will you? I guess not.
Comment
-
Originally posted by avis View Post
By the same token you can make an argument that Google/Apple/MS distribute malware via their App Stores. No, that's not what I meant and if I didn't make myself clear at first, I'll make it clear now: I only meant software which is developed, distributed publicly and signed by these three companies.
"Distributed publicly" is also quite important. I can imagine all three companies have security researchers/engineers who have written exploits/malware/viruses just for fun and for testing purposes.
Here's the full story: https://grahamcluley.com/microsoft-stab-macro-viruses/ https://www.cnet.com/deals/the-88-be...ill-remaining/
Not really malware, more like a stupid joke perhaps from someone who was heavily reprimanded. I'm still thankful you've unearthed it as I never knew about it. It was back from the time when the Internet wasn't yet a thing.
Here we are talking about a freaking backdoor to access a system remotely.
- Likes 1
Comment
-
Originally posted by spicfoo View PostYou appear to be posting a correction but you are in fact 100% agreeing with me. I already noted that Fedora 40 has an update (it appears the package maintainer made some changes that accidentally broke the exploit but it would be wise to update anyway) and that there is no separate Fedora 41 update. I am not sure what confused you there.
Phantom circuit Sequence Reducer Dyslexia
Comment
-
Originally posted by darkoverlordofdata View PostI find it a bit ironic that this was discovered by Microsoft. The fact is, this was a malicious and intentional backdoor, and it sailed past all the vaunted Linux bureaucracy and its many eyes.
This is an organizational issue. This was accomplished by social engineering, by another oss team that were bad actors. And now Iām supposed to continue trusting open source? And not trust Microsoft? Right.
This definitely informs me that my recent decision to stop using linux (after 15 years) was the correct one.
ā
it was not discovered by microsoft it was discovered by a person who also work for microsoft thats a big difference he does not represent microsoft.
"it sailed past all the vaunted Linux bureaucracy and its many eyes."
thats wrong it did not reach any stable or release of any major linux distro like ubuntu or fedora or debian... the only people who really where hit where the rolling release distros
but its not news that rolling release distros are really dangerous.
"This definitely informs me that my recent decision to stop using linux (after 15 years) was the correct one"
your psychological operation will not work herePhantom circuit Sequence Reducer Dyslexia
- Likes 2
Comment
-
Originally posted by HEL88 View PostAll my life I have not met a professional linux developer (only hobbyists).
But I know that there is a company nearby where they develop embeded systems based on linux so I know where to meet them besides the forum .
ā
well...Phantom circuit Sequence Reducer Dyslexia
Comment
Comment