An 0,5s slowdown is actually tremendous. But nobody pays attention to that detail.

You're very welcome!

My blind guest is also a nation state level attack

@@geekingjadi yeah I guess that so 🤔 lm thinking ,maybe there be other backdoors like this which still not been found! What’s your opinion?

Ya our government. I’ve seen this attack done and I’ve also analyzed the code. It’s a government back door 100%

@@iilliya8ssh is obviously a primary target to allow access but I hope that they will look around in case similar attacks have been included anywhere else

Makes you wonder how many others there maybe

Thanks for coming

Glad it was helpful! And if you knew everything in the video, it was a waste of time to watch :) and if you grasped 100% of it in one go, you were not learning much. The best learning is when you learn some new things and have a glance on some other stuff which you may learn about in the future.

Awesome, thank you!

Awesome, thank you!

This was a remote code execution attack. And yes.. would be a historical access to all servers if found it's way to major distros unnoticed

Glad you liked it!

Also, from what I read, xz is loaded because systemd uses it

Right right.. thanks for adding this. forgot to mention it. Will thumbs up so people will see it

I have not checked this personally because the xz repo is not public / accessible anymore. but consider these points: 1. github tarballs can be uploaded separately. So you can have code in your tarball which is not in your git. 2. The malicious code was in a "test" file and was summoned using a m4 file.

Glad you enjoyed it!

Sure thing! Its a super old bamboo from wacom. So old that the driver wont works on Mac anymore and needs patching. the software under mac is Screenbrush and under linux I use gromit-mpx

yes. but it will be 1000s of lines of code. in this case, the distros are trusting the "trusted" packages... In some countries the state do have a "recommended" distro which is checked by auditors. But they should be using older versions of everything.

currently AI can’t reliably detect sometimes even basic patterns. It’s also very prone to giving false positives. Catching stuff like that is very high level digital forensics. Maybe a specific AI developed to recognize those patterns and trained to recognize those patterns could in a few years. But it would only be used as a compass and not a metal detector

AI works based on seen patterns / lots of samples. Your idea already works on things like "recognizing the vandalism on wikipedia" but we do not have enough/alot of samples in programming yet... so as @johncarlson2632 said, it is possible to train an AI, but there will be lots of false positives. And.... in this case, the person with high privileges has done this... he would disable / bypass the AI too.

Whats the other choice? Otherwise they have to use an operating system which they do not know anything about its source code / programmers / ... . If someone is doing something super critical, they have to have their own GNU/Linux distro and audit all the code they use. This means 1. a super minimal distro and 2. using the older software and 3. lots of expenses.

Right. Another critical, single point of failure attack vector

just curious.... why would large organizations be using operating systems that get updates from open source git repositories? maybe im understanding this attack wrong just curious if you dont mind educating me

@@Noname23489 This is how life was going before, but i don't think it will be anymore, just like before and after 9/11, going to security checks has changed forever.

thanks for the hint. will try.

Glad it was helpful!

Very true!

The exploit literally was hidden in the tests, this does not add to the reputation of tests.

@@AlexanderTrefz How come? It's not about the test files, environment, or functions, it's about the act of "testing" itself.

In most cases anti viruses are used on Linux to detect windows based viruses on share files, emails, ... . On Linux we trust our distro and the fact that no virus can not just spread to servers as it does in the windows world. Firewalls are also there, deep in the OS (iptables).

lol on windows your antivirus is the virus, and the backdoors are built in to windows by some upset employee. Since no one can look at closed source code, the back doors go eternally undiscovered. Antivirus can't stop what it doesn't know, and it can't analyze that which has greater authority (the OS itself). The reason why you are hearing about this is because this is open source. You would not hear about it if it was closed source, you would just quietly get violated. After all, who would look into a half second delay on windows?

The Linux version of “antivirus” is that it’s open source and the holes get patched quickly, thus utterly negating the virus. It’s a completely different paradigm.

Screenbrush on Mac, gromit mpx on Linux

on the screen you mean? screenbrush under Mac & gromit-mpx under Linux

You're welcome 😊

Thank you 🙂

Thank you! Cheers!

right :) the irony.

The great thing about vague prophecy is that it can claim credit for predicting whatever random thing happens next.

@@glarynth Unprecedented cyber attack on the global financial system some time in 2024 that ushers in identification requirements online among other things. Yeah I can see how that's vague and imprecise. That could mean anything. What degree of power would this entity have had, had this hack been successful? I doubt very much.

@@glarynth Unprecedented cyber attack on the global financial system some time in 2024 that ushers in identification requirements online among other things. Yeah I can see how that's vague and imprecise. That could mean anything. What degree of power would this entity have had, had this hack been successful? I doubt very much.