444
submitted 7 months ago* (last edited 7 months ago) by GreatDong3000@lemm.ee to c/linuxmemes@lemmy.world

\s obviously

[-] stebo02@lemmy.dbzer0.com 19 points 7 months ago
[-] Wilmo@lemmy.world 21 points 7 months ago* (last edited 7 months ago)

Former maintainer of the .xz project for about a year or two. Hid a backdoor into the code that almost made it into many bigger distros if it wasn't found by a Microsoft employee.

[-] communism@lemmy.ml 16 points 7 months ago

More specifically, it's the name used by the attacker. Could well be multiple people, or if it's one person (still almost certainly state-funded, but the state can fund one person), a fake name nevertheless. We have no info about this person's real-life identity. They used a VPN in Singapore, and some people have looked at the times of the commits to try to guess a timezone, though that's not foolproof as they could've just been a nocturnal person, or even tried to schedule commits to happen at a time to suggest they're in a different timezone, though I think the latter is unlikely and overkill.

[-] stebo02@lemmy.dbzer0.com 7 points 7 months ago

so it's very well possible that they're a CIA agent named John?

[-] Hovenko@iusearchlinux.fyi 6 points 7 months ago

Yep, seems like a bigger organisation being involved, considering the fact that this was brewing 2+ years.

[-] HottieAutie@lemmy.dbzer0.com 10 points 7 months ago

I think it's the person that snuck in the xz vulnerability

this post was submitted on 01 Apr 2024
444 points (97.2% liked)
