- cross-posted to:
- security@lemmy.ml
- cross-posted to:
- security@lemmy.ml
You must log in or register to comment.
They noticed that some ssh sessions took 0.5 seconds too long under certain circumstances. 😲
Holy hell that’s good QA.
Microsoft employee.
Don’t see why you’re being downvoted, the person in question who discovered this is a postgres maintainer employed by Microsoft.
Some no-name came and without any problems asked to become a maintainer in a project used in almost any distro, took it over, put a backdoor in there and no one had any questions? In this case, everything turned out thanks to pure chance. Noname screwed up his backdoor, which attracted the attention of a guy from Microsoft, and out of boredom, he dug up what was what. And if I hadn’t messed up, or that guy from Microsoft decided to go drink beer instead of poking around in the xz code, then no one would have discovered anything. It’s scary to imagine how many of these nonames are sitting in all these thousands of open source projects, waiting in the wings to roll out a malicious patch.
