Summarizing from Reuters: Microsoft programmer Andrews Freund in San
Francisco noticed odd behavior by open source program XZ Utils, a file
compression utility. It would intermittently consume huge amounts of
processing power.
Open source programs are maintained by volunteers. Usually a small
though rotating circle of programmers works on updating and fixing each
program. Someone using the name Jia Tan joined the XZ Utils working group.
Freund followed up on the odd behavior. He discovered that code inserted
into XZ Utils by Tan created a secret door. Whenever anyone used XZ
Utils to compress files, other computers across the internet could grab
the files in stealth.
Tan betrayed the trust that is the foundation of open software. There
will now be a scramble to figure out how to secure open source programs
while keeping them open.
Reuters said it "has been unable to ascertain who Tan is, where he is,
or who he was working for, but many of those who've examined his updates
believe Tan is a pseudonym for an expert hacker or group of hackers.
'This is not kindergarten stuff,' said Omkhar Arasaratnam of the Open
Source Security Foundation 'This is incredibly sophisticated.'"
(https://www.reuters.com/technology/cybersecurity/why-near-miss-cyberattack-put-us-officials-tech-industry-edge-2024-04-05/)
My bet is on a hacker group in China that does business with the
military or state security services. Because there is no longer anything
communist about the Communist Party of China. –Charlie
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#29809): https://groups.io/g/marxmail/message/29809
Mute This Topic: https://groups.io/mt/105362381/21656
-=-=-
POSTING RULES & NOTES
#1 YOU MUST clip all extraneous text when replying to a message.
#2 This mail-list, like most, is publicly & permanently archived.
#3 Subscribe and post under an alias if #2 is a concern.
#4 Do not exceed five posts a day.
-=-=-
Group Owner: [email protected]
Unsubscribe: https://groups.io/g/marxmail/leave/8674936/21656/1316126222/xyzzy
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
