There doesn’t need to be any evidence. This is something that is impossible to prove one way or the other, like Last Thursdayism.
- 0 Posts
- 5 Comments
Yes, this particular incident.
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
In February 2024, a malicious backdoor was introduced to the Linux build of the xz utility within the liblzma library in versions 5.6.0 and 5.6.1 by an account using the name “Jia Tan”.[b][4] The backdoor gives an attacker who possesses a specific Ed448 private key remote code execution through OpenSSH on the affected Linux system. The issue has been given the Common Vulnerabilities and Exposures number CVE-2024-3094 and has been assigned a CVSS score of 10.0, the highest possible score.[5]
Microsoft employee and PostgreSQL developer Andres Freund reported the backdoor after investigating a performance regression in Debian Sid.[8] Freund noticed that SSH connections were generating an unexpectedly high amount of CPU usage as well as causing errors in Valgrind,[9] a memory debugging tool.[10]
SatyrSack@lemmy.sdf.orgto linuxmemes@lemmy.world•Proprietary vs Open Source Backdoors3355·15 days agoImmediately get noticed
Realistically, though, we are only aware of that one because it was noticed in that unlikely scenario and then widely reported. For all we know, most open source backdoors are alive and well in our computers, having gone unnoticed for years.
Also the internet icon shows there is Internet.
Looks to me like the icon that indicates the machine being connected to a network, but that network is not connected to the Internet.
Lemmy seemed to parse that as two separate hyperlinks for me. This should work as a simple clickable link 🤞 https://web.archive.org/web/20240926051545/https://forum.makemkv.com/forum/viewtopic.php?f=16&t=19634