Screenshot of github showing part of the commit message of this commit with this text:
Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).
While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:
- The executable payloads were embedded as binary blobs in
the test files. This was a blatant violation of the
Debian Free Software Guidelines.
- On machines that see lots bots poking at the SSH port, the backdoor
noticeably increased CPU load, resulting in degraded user experience
and thus overwhelmingly negative user feedback.
- The maintainer who added the backdoor has disappeared.
- Backdoors are bad for security.
This reverts the following without making any other changes:
The sentence “This was a blatant violation of the Debian Free Software Guidelines” is highlighted.
Below the github screenshot is a frame of the 1998 film The Big Lebowski with the meme caption “What, are you a fucking park ranger now?” from the scene where that line was spoken.
Tbh jia tan really wasn’t lucky some mf at Microsoft noticed a 500ms delay in ssh. The backdoor was so incredibely clever and Well hidden and ingenious i almost feel bad for him lmao
What’s even going on here? cuz it looks like we’re trying to suggest that somebody having a way into your system when you don’t want them there isn’t a problem, but that’s retarded
The binaries had part of the source hidden in them implying it was closed source code. But it wasnt compiled code its just poorly obfuscated code. The pattern is pretty simple.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !programmerhumor@lemmy.ml
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.
reminds me of the infamous NSA backdoor patch blog for Notepad++
Seriously. If you are going to do it, write in assembly or something else no one understands.
Tbh jia tan really wasn’t lucky some mf at Microsoft noticed a 500ms delay in ssh. The backdoor was so incredibely clever and Well hidden and ingenious i almost feel bad for him lmao
deleted by creator
Jia Tan probably wasn’t one person - most likely the identity was operated by a team of people at an intelligence agency, probably Russian or Chinese
Any sources there or do you just lie for fun?
Edit: an article on this kind of behavior:https://redsails.org/false-witnesses/
Whoa hol up.
Write the build script in assembly?
Thats not okay man.
No, it this case the backdoor. Hide it in plain sight.
Well, I think they should revoke that guy’s PGP key
Isn’t the point of PGP/GPG that there’s no central database?
What’s even going on here? cuz it looks like we’re trying to suggest that somebody having a way into your system when you don’t want them there isn’t a problem, but that’s retarded
The binaries had part of the source hidden in them implying it was closed source code. But it wasnt compiled code its just poorly obfuscated code. The pattern is pretty simple.
deleted by creator
Backdoors are bad for security 😆😆