this post was submitted on 14 Apr 2024
84 points (83.9% liked)

Linux

48090 readers
717 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
all 24 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 6 months ago

Straight from the horse's mouth!

[–] [email protected] 44 points 7 months ago (2 children)

Maybe Kaspersky is Russia backed and is filled with backdoors. Idk, and I don't care because I don't use their products. But I do know they have great security experts and when they publish analysis like thesez they are generally very complete and informative, like when they discovered the remote hack on iPhones thing: https://securelist.com/operation-triangulation-catching-wild-triangle/110916/

[–] [email protected] 7 points 6 months ago

Indeed. Their knowledge and detailed articles are pure gold!

[–] [email protected] 17 points 7 months ago

Kaspersky is probably the best company to hear from regarding such high profile compromises. Their discovery and breakdown of the recent Apple chip backdoor revealed how the American spy machine infiltrated Apple.

[–] [email protected] 78 points 7 months ago (3 children)
[–] [email protected] 15 points 6 months ago (1 children)

Well, it doesn't invalidate the analysis.

This was a sophisticated attack happening over 2 years, from knowing the current maintainer was emotionally vulnerable to the structure of using the build system to introduce the patched code to Linux distro repos.

I'm guessing Kaspersky will come to the same conclusions many others have; that this was a state actor or similiarly well heeled group.

[–] [email protected] 2 points 6 months ago (1 children)

First time I've seen somebody acknowledge that it's not just nation states with such capabilities. There are some huge organized crime syndicates.

[–] [email protected] 2 points 6 months ago

But from what I've seen cybersec is mostly about blaming Russia/China/DPRK

[–] [email protected] 28 points 7 months ago

Right. After posting this I saw the blog post by jfrog, which seems to do a very good job : https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/