Backdoors are bad for security ππ
Programmer Humor
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
oh dang removes backdoor from my house
OnlyF~~ans~~rontDoor
Hell yeah. Make the windows difficult to enter, and now you have a singular point of entry.
Then put a gun turret there.
Your house isn't truly secure until you have a lava moat, and other ideas I came up with when I was eight.
Just remove the windows
Didn't some pro-gun idiots suggest removing back doors from American schools
I'm pro gun and that's a laughably stupid idea for about a million reasons.
Don't remove the back door from your house, bar it with a sturdy 2x4 that holds it closed. Just be sure to use a 2x4 that is not made weak by the application of a specific chemical that only the secret bad guy knows about.
Seriously. If you are going to do it, write in assembly or something else no one understands.
Tbh jia tan really wasn't lucky some mf at Microsoft noticed a 500ms delay in ssh. The backdoor was so incredibely clever and Well hidden and ingenious i almost feel bad for him lmao
A really good point I heard is: this was likely a state actor attack, so how many others just like this are out there, undiscovered?
Unpopular opinion: what if it was not a state actor and just some bored person somewhere that thought it would be cool to own a bot net?
What if this is just one of many backdoors and itβs just the only one we found?
I heard that person actively contributed for something like 2 years, providing actually useful contributions, to gain the level of trust needed to plant that backdoor. Feels a bit too much to chalk it up to boredom.
As for the second part, that's an interesting question. Are there lots of backdoors and we just happened to notice this one, or are backdoors very rare exactly because we'd have found them out soon like in this case?
You'd be surprised what I manage with motivation and boredom.
You'd be surprised what a highly skilled ~~scalled~~ person can manage to achieve.
Boredom, Skills and Motivation are dangerous things to have if improperly handled.
highly scalled person
You might be on to something, it might have been the lizzard people!
The design is Moriarty lvls of complex. State actor might be too specific, but everything but a group of people would be highly unlikely.
Nobody is both that bored and that motivated. Unless paid.
You forget that a lot of brilliant open source projects are one man shows from geniuses somewhere around the world. They are usually not paid.
In the other hand, if you get your hands on a powerful botnet, you can rent out its services (like ddos for example) for quite a bit of money.
Realistically I think it's probably easier to acquire a botnet of less secure systems. This was a targeted attack.
Itβs scary to think aboutβ¦ a lot of people are now thinking about how we can best isolate our build test process so it works as a test suite but doesnβt have any way to interact with the output or environment.
Itβs just blows my mind to think of the levels of obfuscation this process used and how easy it would be to miss it.
the guy was even in microsoft he was at his house testing debian
Aggressively writes a backdoor in COBOL
I don't get the joke
I can excuse attempting to compromise millions of computer systems worldwide for nefarious purposes but I draw the line at violating the contributor guidelines of an opensource project.
Its like saying bank robbery is against bankβs gun carrying policy.
Sure its true, but thats not really the problem being addressed. The massive, notorious security vulnerability is.
Oh the big lebowsky part, i dont get it either
Yep, probably because it's not funny or clever. My guess is that you look for funny and/or clever in your jokes.
Someone explained it, turns out it's just not my kind of joke. I get it now tho
Oh please, dear? For your information, the Supreme Court has roundly rejected prior restraint.
Nobody fucks with the Linux
This guy Archs! Am I right!? You know I'm right!
Best part to me is "The maintainer who added the backdoor has disappeared." implying it was removes because there's nobody left to maintain it
Far out