• floofloof@lemmy.ca
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    edit-2
    8 months ago

    It was a huge fluke of luck that the XZ backdoor didn’t go in any actual Linux distribution releases.

    It did get into a few, just not the ones corporations are likely to be using.

      • bort
        link
        fedilink
        arrow-up
        15
        ·
        8 months ago

        it’s safe to assume there are similar issues in closed source. A big part of the snowden leaks was about how NSA could access lots of data at will. It wouldn’t surprise me if they also could execute code.

        Also there is stuxnet. But I am not sure, if there were intentional backdoors, or only some “natural occuring” RCE.

        • Kelly@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          8 months ago

          It wouldn’t surprise me if they also could execute code.

          They sat on external blue for 5 year before it was stolen and they disclosed the vulnerability to Microsoft.

          https://en.wikipedia.org/wiki/EternalBlue

          I don’t see why we wouldn’t assume there is always something similar in their armoury.