AnnaFrankfurter
OK why does this outfit look so similar to a previous well known organization or if you may a clan with a K
I know nftable is more secure and robust but sometimes I feel like iptables is the way.
This is the original email by the person who discovered this backdoor. But if you want you can search for xz backdoor and you'll find a lot more articles which explain timelines and other things. https://www.openwall.com/lists/oss-security/2024/03/29/4
== Observing Impact on openssh server ==
With the backdoored liblzma installed, logins via ssh become a lot slower.
time ssh nonexistant@...alhost
before:
nonexistant@...alhost: Permission denied (publickey).
before:
real 0m0.299s
user 0m0.202s
sys 0m0.006s
after:
nonexistant@...alhost: Permission denied (publickey).
real 0m0.807s
user 0m0.202s
sys 0m0.006s
That's a 500ms or 0.5s difference
They don't need to guess the password. If you don't have full disk encryption I can just run another os in live mode and mount your drive and read everything. And even change the password to your fedora, by changing the hash in shadow file
Hey we need people like that, remember when an autistic person discovered few hundred millisecond delay in ssh which uncovered Jia Tan backdoor.
Welp that escalated quickly
From my experience that is fairly normal
Hexagons are bestagons
Switch to rolling distro, it will break so many things with each update you'll learn stuff by fixing it. Also you can check https://overthewire.org/wargames/bandit/
Obligatory https://xkcd.com/927/