this post was submitted on 29 Mar 2024
670 points (99.4% liked)
Technology
58303 readers
15 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is the best summary I could come up with:
Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian.
An update the following day included a malicious install script that injected itself into functions used by sshd, the binary file that makes SSH work.
So-called GIT code available in repositories aren’t affected, although they do contain second-stage artifacts allowing the injection during the build time.
In the event the obfuscated code introduced on February 23 is present, the artifacts in the GIT version allow the backdoor to operate.
“This could break build scripts and test pipelines that expect specific output from Valgrind in order to pass,” the person warned, from an account that was created the same day.
The malicious versions, researchers said, intentionally interfere with authentication performed by SSH, a commonly used protocol for connecting remotely to systems.
The original article contains 810 words, the summary contains 146 words. Saved 82%. I'm a bot and I'm open source!
I wonder what convinced the model to treat git as an acronym
I imagine many aren't familiar with British slang and therefore assume git must stand for something, especially considering software devs love their acronyms.
It was like that in the original article. Or are you saying that the original was written by an AI too (it might be).