Linux

49774 readers

476 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

Backdoor for Windows, macOS, and Linux went undetected until now (arstechnica.com)

submitted 3 years ago by [email protected] to c/[email protected]

9 comments fedilink hide all child comments

top 9 comments

sorted by: hot top controversial new old

[–] [email protected] 13 points 3 years ago* (last edited 3 years ago) (3 children)

Not a "back door" by my definition. The title of the article makes it sound like these operating systems have had a back door built-in in and it was only discovered now.

[–] [email protected] 3 points 3 years ago* (last edited 3 years ago) (1 children)

~~right ! ... and this makes "arstechnica[.]com" clickbaity and it's source "intezer" as well.
wtf, are some security groups run like inside the Dilbert comic strip ?~~
Edit after @[email protected] comments below and above mine :
Oups, my bad, it says :
Backdoor for (W... and) Linux ...
it does not say :
Backdoor in (W... and) Linux ...

[–] [email protected] 1 points 3 years ago* (last edited 3 years ago) (1 children)

It is not clickbait, the definition of a backdoor is clear.

If a software package got compromised without that you're aware of it and can still install it.

Please do not call everything which does not fit into your thinking or world clickbait, it is not.

[–] [email protected] 2 points 3 years ago (1 children)

understood, corrected and upvoted

[–] [email protected] 4 points 3 years ago

That's a pretty wholesome response.

[–] [email protected] 1 points 3 years ago

"Intezer said that may be an indication the file masqueraded as a type script app spread after being sneaked into the npm JavaScript repository."

The article doesn't say the developers leave the back door.

[–] [email protected] 1 points 3 years ago

Disagree, it says - for - not - in - ... there is a difference.

[–] [email protected] 6 points 3 years ago

2022 Jan 11, source : https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/

"A possible attack vector for this malware is via an infected npm package."
" ... attack was initiated during the second half of 2021"

[–] [email protected] 5 points 3 years ago

Infected NPM package

We need reproducible builds

Reproducible builds would have also stopped the Solar Winds hack too.