• shotgun_crab@lemmy.world
    link
    fedilink
    arrow-up
    49
    ·
    edit-2
    8 months ago

    Still paniking, cause the backdoor was apparently targetting Debian servers, it was discovered just by chance and the “mantainer” made commits for 2 years in the same repo

    • Possibly linux
      link
      fedilink
      English
      arrow-up
      11
      ·
      8 months ago

      The fact that this was planned is what makes me nervous. Imagine what else is lurking.

      • dan@upvote.au
        link
        fedilink
        arrow-up
        28
        ·
        8 months ago

        and it was only discovered accidentally, when someone was profiling some stuff, noticed SSH using a bit too much CPU power when receiving connections even for invalid usernames/passwords, and spent the time to investigate it more deeply. A lot of developers aren’t that attentive, and it could have easily snuck through.