476

transcriptScreenshot of github showing part of the commit message of this commit with this text:

Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).

While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:

  - The executable payloads were embedded as binary blobs in
    the test files. This was a blatant violation of the
    Debian Free Software Guidelines.

  - On machines that see lots bots poking at the SSH port, the backdoor
    noticeably increased CPU load, resulting in degraded user experience
    and thus overwhelmingly negative user feedback.

  - The maintainer who added the backdoor has disappeared.

  - Backdoors are bad for security.

This reverts the following without making any other changes:

The sentence "This was a blatant violation of the Debian Free Software Guidelines" is highlighted.

Below the github screenshot is a frame of the 1998 film The Big Lebowski with the meme caption "What, are you a fucking park ranger now?" from the scene where that line was spoken.

you are viewing a single comment's thread
view the rest of the comments
[-] davel@lemmy.ml 10 points 7 months ago

You don’t kidnap extremely highly skilled internet malware developers and force them to code for you, you just pay them appropriately.

[-] Iapar@feddit.de 9 points 7 months ago

Jupp. If you trap someone highly skilled and give that person a weapon, the chances are good that this person will use that against you.

Like how does a less skilled person know that this code will not send location to the police with a message?

[-] TheGalacticVoid@lemm.ee 1 points 6 months ago

A bit late, but the police are often paid by captors, so calling the police just leads to punishment.

[-] TheGalacticVoid@lemm.ee 3 points 7 months ago

The malware, sure, but you're ignoring how they were able to push the malware in the first place.

this post was submitted on 11 Apr 2024
476 points (95.9% liked)

Programmer Humor

32549 readers
473 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS