Technology
One volunteer prevented a backdoor from compromising Linux systems globally.
– Linux narrowly escaped a massive cyber attack over Easter weekend thanks to one volunteer discovering a backdoor in the XZ Utils compression format used in Linux distributions.
– The backdoor was inserted into the remote log-in of Linux, making systems vulnerable to compromise.
– The volunteer, Andres Freund, identified the malicious code and the developer behind it, known as JiaT75, who had been working on the project openly.
– Red Hat and Debian issued security alerts and took actions to revert compromised packages.
– JiaT75, along with fake identities Jigar Kumar and Dennis Ens, attempted to get the backdoored code into Linux distributions.
– The incident highlighted vulnerabilities in open source infrastructure and the dependence on unpaid volunteers for critical software maintenance.
– Microsoft’s response to a support request for a high priority bug by a developer behind FFmpeg sheds light on the challenges faced in maintaining open source software without proper financial support.
Source link