Announcement

Collapse
No announcement yet.

XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access

Collapse
X
Collapse
 
  • Page of 26
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 5 6 7 8 9 10 11 18 26 template Next
  • #71
    And let's not forget Pegasus since you're on sucha god damn whataboutism tear. JFC.
    • Likes 1

    Comment

    • #72
      Originally posted by avis View Post

      The article talks about an unpatched vulnerability. How is this relevant at all to this discussion? You're now person N10 in this discussion who says "But what about?" This is not an argument, OK?

      We're now discussing malware/backdoor distributed by Linux distros.
      You said show me ONE backdoor against Apple. Done. Hard to get into a battle of wits with an unarmed person.
      • Likes 4

      Comment

      • #73
        Originally posted by kozman View Post
        So have they traced back the WHO (JiaT75) part of it? Meaning, who snuck this in? I read the post but didn't see mention of anyone specific. Sneaky bastard trying compromise SSH usually points to one type of actor.
        Dude's probably been fudging other repos too. wasm-stuff and zstd etc by the look of it?
        Everything that account has ever touched needs reviewing... Massive gleh.

        Sounds Chinese, but who knows?
        • Likes 4

        Comment

        • #74
          Originally posted by emansom View Post
          There's a chance he will likely force-push, corrupting the history of this git repository. So even the repository itself shouldn't be trusted. Retrieve backups from really really old build machines before he ever contributed if possible.
          Well that seems like something someone who doesn't understand git would say. Force pushing doesn't corrupt the history at all, it just changes a branch to point at a different commit, while all the original commits continue to exist in the repository.

          Comment

          • #75
            Originally posted by kozman View Post

            You said show me ONE backdoor against Apple. Done. Hard to get into a battle of wits with an unarmed person.
            You've showed an unpatched vulnerability. Looks like you don't understand the difference between "backdoor" and "vulnerability". Please don't reply to my comments any longer. I won't be reading yours as well. Peace out.

            Comment

            • #76
              It gets even better, they also patched ASAN to not detect the backdoor: https://github.com/google/oss-fuzz/issues/11760
              • Likes 6

              Comment

              • #77
                Originally posted by sophisticles View Post

                If what I posted is such "bullshit", then you should have no problem pointing out the errors.

                [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise [LWN.net]
                https://lwn.net/ml/oss-security/[email protected]/




                Sorry to burst the fantasy bubble you and other Linux enthusiast live in, but this attack can be used to compromise any piece of open source software on any Linux distro.

                As i have said time and time again, open source is a scam perpetrated on the gullible.

                People with a real computer science background just laugh at the absurdity of the belief system.
                There's something wrong with your reasoning... you want distributions and operating systems to control the code, but then you blame open source which is the only code that can be controlled. There is a big contradiction in your reasoning. Bugs are commonplace on any operating system or software, whether proprietary or open source, the advantage of open source is that anyone with the skills can verify it, in proprietary software you can't, so they can put whatever they want in it.​
                • Likes 5

                Comment

                • #78
                  Lots of comments here, I can only guess that avis and sophisticles are claiming that M$, Google and Apple have never spread malware despite them each spreading millions of malware downloads through their various app stores the past few years. And Google literally selling top search result rankings to known malware producers.

                  For myself, I'm quite safe with xz version 5.2.5 - one of the many joys of not using a bleeding edge rolling release.
                  • Likes 5

                  Comment

                  • #79
                    Originally posted by ⲣⲂaggins View Post

                    Well that seems like something someone who doesn't understand git would say. Force pushing doesn't corrupt the history at all, it just changes a branch to point at a different commit, while all the original commits continue to exist in the repository.
                    How many distro packagers would double check?

                    Comment

                    • #80
                      Originally posted by avis View Post
                      Whereas big corporations such as Microsoft, Google or Apple endorse every line of code that reaches you as a customer
                      Malicious code is already built into the OS such as Windows, and since the code is closed, you don't know that there is a virus in there.

                      • Likes 3

                      Comment

                      Previous 1 5 6 7 8 9 10 11 18 26 template Next
                      Working...
                      X