And let's not forget Pegasus since you're on such a god damn whataboutism tear. JFC.
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
-
Originally posted by avis
The article talks about an unpatched vulnerability. How is this relevant at all to this discussion? You're now person N10 in this discussion who says "But what about?" This is not an argument, OK?
We're now discussing malware/backdoor distributed by Linux distros.
- Likes 4
-
Originally posted by kozman
So have they traced back the WHO (JiaT75) part of it? Meaning, who snuck this in? I read the post but didn't see mention of anyone specific. Sneaky bastard trying to compromise SSH usually points to one type of actor.
Everything that account has ever touched needs reviewing... Massive gleh.
Sounds Chinese, but who knows?
- Likes 4
-
Originally posted by emansom
There's a chance he will likely force-push, corrupting the history of this git repository. So even the repository itself shouldn't be trusted. Retrieve backups from really really old build machines before he ever contributed if possible.
-
Originally posted by kozman
You said show me ONE backdoor against Apple. Done. Hard to get into a battle of wits with an unarmed person.
-
It gets even better, they also patched ASAN to not detect the backdoor: https://github.com/google/oss-fuzz/issues/11760
- Likes 6
-
Originally posted by sophisticles
If what I posted is such "bullshit", then you should have no problem pointing out the errors.
Sorry to burst the fantasy bubble you and other Linux enthusiasts live in, but this attack can be used to compromise any piece of open source software on any Linux distro.
As I have said time and time again, open source is a scam perpetrated on the gullible.
People with a real computer science background just laugh at the absurdity of the belief system.
- Likes 5
-
Lots of comments here, I can only guess that avis and sophisticles are claiming that M$, Google and Apple have never spread malware despite them each spreading millions of malware downloads through their various app stores the past few years. And Google literally selling top search result rankings to known malware producers.
For myself, I'm quite safe with xz version 5.2.5 - one of the many joys of not using a bleeding edge rolling release.
- Likes 5
-
Originally posted by ⲣⲂaggins
Well that seems like something someone who doesn't understand git would say. Force pushing doesn't corrupt the history at all, it just changes a branch to point at a different commit, while all the original commits continue to exist in the repository.
-
Originally posted by avis
Whereas big corporations such as Microsoft, Google or Apple endorse every line of code that reaches you as a customer
- Likes 3