Some serious shit going on!

Completely and utterly unrelated.


Post by Impostor »

But a Microsoft employee saves the day!

https://gist.github.com/thesamesam/2239 ... 78baad9e27


Post by erlkönig »

Thanks for the info... After at least 25 years on Linux, this is the first time I really worry. At least on my Manjaro machines...

Currently working with
https://www.honeysuckers.rocks/?lang=en
Fiddling with sequencers does not evolve into music necessarily and Mac users have smelly feet and guzzle little children.


Post by Impostor »


Post by bluebell »

For me it's a vulnerability introduced with xz that no-one needs. What was wrong with gzip and its algorithm? Not to mention bzip2 that led to a little bit more compression but wasn't really needed. Then people thought that xz is the new hot shit although it's technically worse.

Why do kiddies always want to fix what ain't broken – and fail then? In German there's a verb "verschlimmbessern" which means someone wants to improve something but makes it worse.

Linux – MOTU UltraLite AVB – Qtractor – http://suedwestlicht.saar.de/


Post by Axel-Erfurt »

The backdoor would only be relevant if it is a system that is administered via ssh.


Post by Linuxmusician01 »

Reminds me of the Heartbleed SNAFU back in the day. I was under the impression that that security risk was (accidentally) caused by a single person or the few persons developing a protocol. Every Evil Big Corp used it because it's for free and they whined like a little bitch when it had an error. Well, that's what you get for being a cheap ass, not paying attention, and not contributing a team to something as important as secure stuff.

I remember that especially Android had a big problem because it's not a "real" operating system for which one can replace/update a single library. Everybody was shocked because Android was sold as being "based on Linux" because it has a Linux kernel.

No matter what OS or hardware we use: we're never safe. Luckily, the leaks have always been fixed (on Windows, Linux or whatever) before it can get to the masses.

P.S. Another funny fact from the link above: "[...] to be vulnerable: You need to be [...] updating religiously.". Like I always say: if it ain't broken don't try to fix it! Don't "update" if there's nothing wrong w/ your system. Everything "new" has teething problems (software, cars, technology, a house, everything).


Post by Impostor »

Linuxmusician01 wrote: Mon Apr 08, 2024 9:20 am

No matter what OS or hardware we use: we're never safe. Luckily, the leaks have always been fixed (on Windows, Linux or whatever) before it can get to the masses.

Huh, you should read about the SolarWinds affair. It may have taken more than a year before the backdoor was finally discovered. This was also a "supply chain attack" as XZ was, but here the vector was proprietary software instead of FOSS.


Post by Audiojunkie »

bluebell wrote: Sun Apr 07, 2024 1:17 pm

For me it's a vulnerability introduced with xz that no-one needs. What was wrong with gzip and its algorithm? Not to mention bzip2 that led to a little bit more compression but wasn't really needed. Then people thought that xz is the new hot shit although it's technically worse.

Why do kiddies always want to fix what ain't broken – and fail then? In German there's a verb "verschlimmbessern" which means someone wants to improve something but makes it worse.

It was a bad actor, who purposely was sneaking a back door into Linux. We got lucky this time.


Post by Tippe »

Yes, "verschlimmbessern".
Dreadful!
Especially since this also happens everywhere in politics, legislation, the judiciary and more.
And all across Europe.
It keeps getting bigger, but nothing really improves for the so-called ordinary people who pay for all of it.
Oh well, never mind.
Surely not a topic for here. :wink:


Post by Linuxmusician01 »

Impostor wrote: Mon Apr 08, 2024 3:18 pm
Linuxmusician01 wrote: Mon Apr 08, 2024 9:20 am

No matter what OS or hardware we use: we're never safe. Luckily, the leaks have always been fixed (on Windows, Linux or whatever) before it can get to the masses.

Huh, you should read about the SolarWinds affair. It may have taken more than a year before the backdoor was finally discovered. This was also a "supply chain attack" as XZ was, but here the vector was proprietary software instead of FOSS.

I get what you mean. Are you talking about this? If I'm not mistaken then that was not a security leak/backdoor in an operating system itself. You had to use their software, didn't you? I have to admit: I've never heard of the company or their software.

What I meant by "the masses" is my mother and my neighbour (not to mention myself, ha ha). Big companies have been the victim of ransomware and they probably will be for ever or for a long time. Personally I couldn't be bothered if a Big Evil Corp. gets attacked. They're not my family nor do I feel sorry for 'm. They've got an army of IT guys and money. In the past many ransomware attacks on companies were caused by them not installing a Windows Update automatically which even my 80-year-old mother does obediently. And they have off-site back-ups etc. They can write it off as company risk or just manage their passwords better, whatever.

I get very nervous when I see somebody on TV whose computer is completely locked by ransomware or whose private photos have been stolen from their device (phone, computer or cloud) by a hacker. A nightmare they did not deserve.

Concerning this Linux security leak we all got away with sheer luck. I dread the day when we do not...


Post by Impostor »

Linuxmusician01 wrote: Tue Apr 09, 2024 9:25 am

Personally I couldn't be bothered if a Big Evil Corp. gets attacked. They're not my family nor do I feel sorry for 'm. They've got an army of IT guys and money.

They've also got your data. What if the DigiD system gets compromised for example? That will mostly impact unwitting citizens, not big tech.


Post by Linuxmusician01 »

Impostor wrote: Tue Apr 09, 2024 11:57 am
Linuxmusician01 wrote: Tue Apr 09, 2024 9:25 am

Personally I couldn't be bothered if a Big Evil Corp. gets attacked. They're not my family nor do I feel sorry for 'm. They've got an army of IT guys and money.

They've also got your data. What if the DigiD system gets compromised for example? That will mostly impact unwitting citizens, not big tech.

Again, I get what you mean. It's more complicated than my rant. Sorry. Directly or indirectly we all reap the bitter fruits of hackers and security breaches.
