There are two types of backdoors, the ones that were fixed and the ones we don’t know about.
The only reason why xz got exposed was because someone noticed SSH was a bit slower and decided to take their own hands to investigate. It’s possible this backdoor would go unnoticed for far longer if the attacker didn’t make this slight oversight.
So it might be that there have been other, successful attacks before. It’s just that this one is the one that got exposed.
Slower as in 500ms slower iirc.
Linux users when bloat
tbh given the context 500ms is a lot.
Yeah. 500ms for ssh feels like an eternity.
SSHing into my less powerful machines takes a good few seconds, so I’m not sure if I’d notice an extra 500ms. For the more powerful ones that are basically instant it would be much more noticeable.
And the ones you leave for yourself to check during development and forgotten to close before release.
This is why you should secure your own bureaucracy-bypassing backdoor with a long ass key (bonus point if you use pki instead of a simple static key).
I just use the Konami code as a secret password.
Shhh we don’t talk about these !
don’t forget the ones we got paid for very well and the ones we introduced to not go to prison
Backdoors all the way down!
Both open and closed source got these.
I love backdoors
Sure the front is nice but sometimes my girl and I like the backdoor.
I’m more of a sidedoor guy myself
Jim Morrison was truly a developer born into the wrong age.
I feel compelled to point out that “back door man” was already a common expression in blues lyrics.
Oh, I’m well aware, I just have a core association of Jim Morrison wailing “I’m a back door man.” It wasn’t an innovative line or anything.
