this post was submitted on 11 Apr 2024
475 points (95.9% liked)
Programmer Humor
32345 readers
1297 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I heard that person actively contributed for something like 2 years, providing actually useful contributions, to gain the level of trust needed to plant that backdoor. Feels a bit too much to chalk it up to boredom.
As for the second part, that's an interesting question. Are there lots of backdoors and we just happened to notice this one, or are backdoors very rare exactly because we'd have found them out soon like in this case?
You'd be surprised what I manage with motivation and boredom.
You'd be surprised what a highly skilled ~~scalled~~ person can manage to achieve.
Boredom, Skills and Motivation are dangerous things to have if improperly handled.
You might be on to something, it might have been the lizzard people!
Another speculation from the suse team was a private company with intent to sell the exploit to state ~~across~~ actors
I think there's lots of known backdoors that are not publicly disclosed and privately sold.
But given the history of cves in inclined to believe most come from well intentioned developers. When you read the blogs from the Google security team for example, it's interesting to see how you need to chain a couple exploits at least, to get a proper attack going. Not in this case, it would make it very straightforward to accomplish very intrusive actions.