Skip Navigation

Programmer Humor @lemmy.ml

Arthur Besse @lemmy.ml

10mo ago

that ain't legal either

Achievers @lebowski.social

Arthur Besse @lemmy.ml

10mo ago

Regrettably it's true, standards have fallen

24 2

linuxmemes @lemmy.world

Arthur Besse @lemmy.ml

10mo ago

that ain't legal either

141 9

66 comments

Backdoors are bad for security 😆😆
- oh dang removes backdoor from my house
  
  OnlyF~~ans~~rontDoor
  
  Hell yeah. Make the windows difficult to enter, and now you have a singular point of entry.
  Then put a gun turret there.
  
  Don't remove the back door from your house, bar it with a sturdy 2x4 that holds it closed. Just be sure to use a 2x4 that is not made weak by the application of a specific chemical that only the secret bad guy knows about.

Seriously. If you are going to do it, write in assembly or something else no one understands.
- Tbh jia tan really wasn't lucky some mf at Microsoft noticed a 500ms delay in ssh. The backdoor was so incredibely clever and Well hidden and ingenious i almost feel bad for him lmao
  
  A really good point I heard is: this was likely a state actor attack, so how many others just like this are out there, undiscovered?
  
  the guy was even in microsoft he was at his house testing debian
- Aggressively writes a backdoor in COBOL
- Whoa hol up.
  Write the build script in assembly?
  Thats not okay man.
  
  No, it this case the backdoor. Hide it in plain sight.
- Assembly wouldn't run on multiple architectures
  
  Neither does the blob it downloaded. Would you think twice about AVX10 support if it was commented as AVX10 support in a compression library? Some might, but would they be the ones reviewing the code? A lot of programs that can take advantage of "handwritten" optimizations, like video decoders/encoders and compression, have assembly pathways so it will take advantage of the hardware when it is available but run when it isn't. If the reviewers are not familiar with assembly enough something could be snuck in.
  systemD is using dlopens for libraries now and I am not convinced malware couldn't modify the core executable memory and stay resident even after the dl is unloaded. Difficult, yes, but not impossible.

I don't get the joke
- I can excuse attempting to compromise millions of computer systems worldwide for nefarious purposes but I draw the line at violating the contributor guidelines of an opensource project.
- Yep, probably because it's not funny or clever. My guess is that you look for funny and/or clever in your jokes.
  
  Someone explained it, turns out it's just not my kind of joke. I get it now tho
- Its like saying bank robbery is against bank’s gun carrying policy.
  Sure its true, but thats not really the problem being addressed. The massive, notorious security vulnerability is.
  
  Oh the big lebowsky part, i dont get it either
  
  I got that part, which is funny. The movie below tho, I don't think is
- Scene (invidious)

Backdoors are bad for security.
No shit....
- You've gotta wonder what else you'd write though
  Especially given the urgency guy's probably not gonna sit there and ponder

Nobody fucks with the Linux
- This guy Archs! Am I right!? You know I'm right!

Best part to me is "The maintainer who added the backdoor has disappeared." implying it was removes because there's nobody left to maintain it

Oh please, dear? For your information, the Supreme Court has roundly rejected prior restraint.

Well, I think they should revoke that guy's PGP key
- Isn't the point of PGP/GPG that there's no central database?
  
  Yes, he will always be able to prove that's it's him. But if they revoke the permissions of that key he can't do any more damage

Far out

reminds me of the infamous NSA backdoor patch blog for Notepad++

- The binaries had part of the source hidden in them implying it was closed source code. But it wasnt compiled code its just poorly obfuscated code. The pattern is pretty simple.

66 comments