Skip to main content

If you're a #Linux user, beware of the XZ backdoor:

https://youtu.be/OHAyf0qwdCs

#linux

Anders Rytter Hansen reshared this.

N. E. Felibata 👽
N. E. Felibata 👽  
Because of the Microsoft developer who decovered it ... 😉
Anders Rytter Hansen
Anders Rytter Hansen  
@N. E. Felibata 👽
Oh yeah that's pretty funny. Out of all the devs it is.... Microsoft 😄
@N. E. Felibata 👽
N. E. Felibata 👽
N. E. Felibata 👽  

Yes, the main thing is that it was discovered!

Still, it's funny that it came from a Microsoft developer obsessed with benchmarks. ... 🤔

Anders Rytter Hansen
Anders Rytter Hansen  
@N. E. Felibata 👽
Yes haha. Lucky that the exploited library runs a bit slower 😅
@N. E. Felibata 👽
david Marec
david Marec  
Andres Freund is a postgresql developer who works at Microsoft.
Anders Rytter Hansen
Anders Rytter Hansen  
@david Marec
Does he do open source development in his free time or is he paid by Microsoft to do it?
@david Marec
Murkas Wylander
Murkas Wylander  
As a Debian stable user I don't neet to update ;)
N. E. Felibata 👽
N. E. Felibata 👽  
True, but if it hadn't been discovered, it would have ended up in the next stable release ... so ...
Anders Rytter Hansen
Anders Rytter Hansen  
@N. E. Felibata 👽
In any case I think the chance of this backdoor being detected before it ends up in Debian is almost 100%
@N. E. Felibata 👽
Murkas Wylander
Murkas Wylander  
But it has been discovered. Supply chain attacks are more a thing of rolling releases.
Murkas Wylander
Murkas Wylander  
Debian is pretty conservative. They always choose stability and proven versions before new features.