Why a near-miss cyberattack put US officials and the tech industry on edge (yahoo.com)

This deeply hidden backdoor was only caught by sheer luck. Culprit? Assumed, for now, to be either a hacker group or an "intelligence agency". You pick which nightmare...

***

Here’s How Millions of Linux Computers Almost Got Hacked (googleusercontent.com)

Current hive mind pick? ChiCom intel hackers. Surprised? I'm not. The only surprise is they got caught - on this one -- this time.
No, I am not surprised either and think it was damn lucky it was even found. Given the name of the individual and the slow, methodical means by which they did this, the obvious conclusion would be to suspect the Chinese intelligence agency (this is my bet), and I wonder if the feds will take an interest in this. The bottom line, and what this should tell all of us, is that Open-Source Software (OSS) can't be trusted either. Also, don't think Closed-Source Software (CSS) can be trusted, as there have already been incidents where back doors were installed and discovered, and even one I heard about where one of the US intelligence agencies wrote a communication software/app and distributed it for free.
It was really a long-term infiltration with some social engineering to introduce this exploit. Been wondering for years when we would actually see a situation similar to this. Using a zip library (archival tool) to gain SSH access without authentication is kind of a cool exploit. Feels like a nation-state actor. JMHO.
Yep, long-term plans and not a get-rich-quick scheme. Getting it into the installer bypasses a lot of security checks and opens up to a lot of programs. Not something done in Mom's basement over a Mt. Dew.
The machine code was added after the code was compiled. NOT a basement warrior for sure. I’m guessing MSS from China... the bad guys.
twas probably russi_ chin_ iran north korea dere is indications twas da rooskies been yellin about dis fer years nobody is listenin
Sec, I think you forget a few big ones: BKR, MI6, Mossad and the good old NSA. And no doubt they all try to spy and steal. And most forget a java script is a program on another computer that runs on your machine! And today all websites use many of them. Especially on your spyphone.
I don't think that's really the case, because the whole reason this vulnerability was found is because it's in the open. The entirety of open source still remains reliable and is a proven method to deliver the very best, when the corporate version is certainly only created to maximize profits and sometimes also serve nefarious purposes. Open source programs and utilities have to stand up to public scrutiny and testing, when a corporate product is shielded behind law and copyright. And something people fail to focus on is the fact that even these hacks require a port to communicate and access through your firewall, and if you run pfSense and any number of functions to see what's going on, like Snort, you can manage your security. You can set up rules and restrict access by your machine or any PC on your network, even set which can access the internet at all. Network security is perhaps the weakest link, but it doesn't have to be.
All good info, I will just add.... Take the word SAFE out of your vocabulary, there is no "Safe" only "Safer". I apply this to everything not just computers. -JW
True. Yet, it was admitted that it was simply by chance that it was found in the open-source software. I agree, as pointed out by @JediWoodsman, that Open Source is safer but there is no longer such a thing as 'safe'.
nuffin has ever been safe, twas da illusion uv safety, jus sayn open source is safer if ya audit da code da right way