malware backdoor in very latest linux

Newsgroups: aus.computers
X-Mozilla-News-Host: news://news.ausics.net:119
From: ozix@xizo.am (Ozix)
Subject: malware backdoor in very latest linux
Date: Sat, 30 Mar 2024 10:32:03 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Firefox/91.0 SeaMonkey/2.53.18.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: news.ausics.net
Message-ID: <660779a3$1@news.ausics.net>
Organization: Ausics - https://newsgroups.ausics.net
Lines: 2
X-Complaints: abuse@ausics.net
Path: i2pn2.org!i2pn.org!news.bbs.nz!news.ausics.net!not-for-mail
 by: Ozix - Sat, 30 Mar 2024 02:32 UTC

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
Also in Suse Tumbleweed and other such rolling/testing distros.

Re: malware backdoor in very latest linux

From: deletethis@invalid.lan (noel)
Subject: Re: malware backdoor in very latest linux
Newsgroups: aus.computers
References: <660779a3$1@news.ausics.net>
X-No-Archive: Yes
User-Agent: Pan/0.141 (Tarzan's Death; 168b179 git.gnome.org/pan2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
NNTP-Posting-Host: news.ausics.net
Message-ID: <6607e2fe$1@news.ausics.net>
Date: 30 Mar 2024 20:01:34 +1000
Organization: Ausics - https://newsgroups.ausics.net
Lines: 14
X-Complaints: abuse@ausics.net
Path: i2pn2.org!i2pn.org!news.bbs.nz!news.ausics.net!not-for-mail
 by: noel - Sat, 30 Mar 2024 10:01 UTC

On Sat, 30 Mar 2024 10:32:03 +0800, Ozix wrote:

> https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
> Also in Suse Tumbleweed and other such rolling/testing distros.

of course you're likely safe if using a non systemd distro, slackware is
free of it because it doesn't use the virus worse than covid - systemd.

of course also the obvious...
always sign packages and their checksum files with a secure gpg key
d/l'rs always check the signing, checksums meh they only confirm your d/l
is complete, not like this mess an archiver package (xv) has been r00ted
especially if you're a distro packager :P

Re: malware backdoor in very latest linux

Subject: Re: malware backdoor in very latest linux
Newsgroups: aus.computers
References: <660779a3$1@news.ausics.net> <6607e2fe$1@news.ausics.net>
From: ozix@xizo.am (Ozix)
Date: Sun, 31 Mar 2024 08:20:28 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Firefox/91.0 SeaMonkey/2.53.18.2
MIME-Version: 1.0
In-Reply-To: <6607e2fe$1@news.ausics.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: news.ausics.net
Message-ID: <6608ac4c$1@news.ausics.net>
Organization: Ausics - https://newsgroups.ausics.net
Lines: 20
X-Complaints: abuse@ausics.net
Path: i2pn2.org!i2pn.org!news.bbs.nz!news.ausics.net!not-for-mail
 by: Ozix - Sun, 31 Mar 2024 00:20 UTC

noel wrote:
> On Sat, 30 Mar 2024 10:32:03 +0800, Ozix wrote:
>
>> https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
>> Also in Suse Tumbleweed and other such rolling/testing distros.
>
> of course you're likely safe if using a non systemd distro, slackware is
> free of it because it doesn't use the virus worse than covid - systemd.
>
> of course also the obvious...
> always sign packages and their checksum files with a secure gpg key
> d/l'rs always check the signing, checksums meh they only confirm your d/l
> is complete, not like this mess an archiver package (xv) has been r00ted
> especially if you're a distro packager :P
>

xkcd did a cartoon about global digital infrastructure being
dependent on some code maintained by a single person:
https://xkcd.com/2347/

Re: malware backdoor in very latest linux

Message-ID: <6608b25c@news.ausics.net>
From: not@telling.you.invalid (Computer Nerd Kev)
Subject: Re: malware backdoor in very latest linux
Newsgroups: aus.computers
References: <660779a3$1@news.ausics.net> <6607e2fe$1@news.ausics.net>
User-Agent: tin/2.0.1-20111224 ("Achenvoir") (UNIX) (Linux/2.4.31 (i586))
NNTP-Posting-Host: news.ausics.net
Date: 31 Mar 2024 10:46:20 +1000
Organization: Ausics - https://newsgroups.ausics.net
Lines: 26
X-Complaints: abuse@ausics.net
Path: i2pn2.org!i2pn.org!news.bbs.nz!news.ausics.net!not-for-mail
 by: Computer Nerd Kev - Sun, 31 Mar 2024 00:46 UTC

noel <deletethis@invalid.lan> wrote:
> On Sat, 30 Mar 2024 10:32:03 +0800, Ozix wrote:
>
>> https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
>> Also in Suse Tumbleweed and other such rolling/testing distros.
>
> of course you're likely safe if using a non systemd distro, slackware is
> free of it because it doesn't use the virus worse than covid - systemd.

Yes, the SSH vulnerability only works as a result of patches done by
distros for Systemd support in openSSH.

> of course also the obvious...
> always sign packages and their checksum files with a secure gpg key
> d/l'rs always check the signing, checksums meh they only confirm your d/l
> is complete, not like this mess an archiver package (xv) has been r00ted
> especially if you're a distro packager :P

True, but here it was a trusted developer of XZ Utils who put in
the backdoor code, and they actually had the key to sign releases
as authentic. So signed checksums can't help in a case like this.

--
__ __
#_ < |\| |< _#
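
An added example, not part of any post in this thread: the cases the posters distinguish (damaged download, tampered mirror, key holder publishing the backdoor), with a Lamport one-time signature standing in for GPG so it runs on the Python standard library alone. All function names and the sample tarball bytes are constructed for illustration.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def sha_hex(data):
    return hashlib.sha256(data).hexdigest().encode()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret of each pair, chosen by the bits of the message hash.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def publish(tarball, sk):
    # What the key holder uploads: tarball, checksum file, signature over the checksum file.
    sums = sha_hex(tarball)
    return {"tarball": tarball, "sums": sums, "sig": sign(sk, sums)}

def check(rel, pk):
    # Downloader's view: (checksum matches, signature over checksum file is valid).
    return sha_hex(rel["tarball"]) == rel["sums"], verify(pk, rel["sums"], rel["sig"])

CLEAN, EVIL = b"clean source", b"source + backdoor"  # constructed sample tarballs

def scenario(kind):
    sk, pk = keygen()  # fresh key per scenario: a Lamport key may sign only once
    rel = publish(EVIL if kind == "insider" else CLEAN, sk)
    if kind == "corrupt":    # damaged download, checksum file untouched
        rel["tarball"] = CLEAN[:-1]
    elif kind == "mirror":   # mirror swaps the tarball and regenerates the checksum file
        rel["tarball"], rel["sums"] = EVIL, sha_hex(EVIL)
    return check(rel, pk)

if __name__ == "__main__":
    for kind in ("good", "corrupt", "mirror", "insider"):
        print(kind, scenario(kind))
```

The "mirror" case passes the checksum and fails the signature, while the "insider" case is indistinguishable from the good release on both checks.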

Re: malware backdoor in very latest linux

From: deletethis@invalid.lan (noel)
Subject: Re: malware backdoor in very latest linux
Newsgroups: aus.computers
References: <660779a3$1@news.ausics.net> <6607e2fe$1@news.ausics.net>
<6608b25c@news.ausics.net>
X-No-Archive: Yes
User-Agent: Pan/0.141 (Tarzan's Death; 168b179 git.gnome.org/pan2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
NNTP-Posting-Host: news.ausics.net
Message-ID: <660a0a3d$1@news.ausics.net>
Date: 1 Apr 2024 11:13:33 +1000
Organization: Ausics - https://newsgroups.ausics.net
Lines: 13
X-Complaints: abuse@ausics.net
Path: i2pn2.org!i2pn.org!news.bbs.nz!news.ausics.net!not-for-mail
 by: noel - Mon, 1 Apr 2024 01:13 UTC

On Sun, 31 Mar 2024 10:46:20 +1000, Computer Nerd Kev wrote:

>> always sign packages and their checksum files with a secure gpg key
>> d/l'rs always check the signing, checksums meh they only confirm your
>> d/l is complete, not like this mess an archiver package (xv) has been
>> r00ted especially if you're a distro packager :P
>
> True, but here it was a trusted developer of XZ Utils who put in the
> backdoor code, and they actually had the key to sign releases as
> authentic. So signed checksums can't help in a case like this.

Indeed, although that information was not available before I posted
that :)
