Half a second and the curiosity of an engineer saved the world from a cyber attack with a global impact – computers

While running some tests, a Microsoft engineer discovered malicious code in software used in most Linux distributions, and may have saved the world from a massive problem capable of affecting systems across the entire planet simultaneously.

Andres Freund identified malicious code fragments hidden in two versions of an open source data compression tool that is very popular and used in almost all major Linux distributions. The backdoor in xz Utils was identified on March 29, days before the production releases of the various open source operating system distributions were due to integrate the latest version of the xz Utils library.

How did he come to the discovery? Pure curiosity, and impatience with a process that was taking longer than expected. How much longer? Half a second. The tests that led to Andres Freund's discovery were conducted on a beta version of Debian, which showed slower-than-expected performance when using encrypted connections.

The process started taking 0.8 seconds and consuming more CPU than usual, and that was enough for the engineer to realize that something was wrong and to want to know why. And he found out. He identified pieces of malicious code in the utility package that leave a kind of door open (a backdoor) for future attacks on systems that use it, with the potential to impact the entire Linux distribution chain, since it targets a library widely used in this ecosystem.

A more in-depth study of this discovery has already revealed that the malicious code was injected into this essential “piece” of many Linux distributions starting a couple of years ago, slowly and discreetly.

Open source software is the foundation of almost everything on the Internet. Linux systems, software and libraries, often maintained by independent programmers, are what make the digital world move, especially in the world of servers and Internet infrastructure.

Widely used tools like xz are often maintained by a small community or even a single person, as was apparently the case here. The utility's “saboteur” joined the community in 2021. Since then he has apparently made valid contributions to several projects, and since 2022 has been working on xz, as Watchman wrote. The vandal identifies himself as Jia Tan in the account he has maintained on GitHub since 2021, which says very little about the real identity of the person behind the profile. It could be an individual, or a group serving a country; no one knows yet.

It also remains to be seen what kind of attack could have resulted from this, but what is already clear is that the work was done over time to gain the trust of the community, which over the last two years has been dealing with a hacker whose purposes no one yet knows.

The first attempt to send changes to xz Utils was made by Jia Tan in 2022. According to a report by Ars Technica, this sparked some controversy over the level of involvement of the programmers responsible for the project in that task, and some pressure for its acceptance. That pressure reportedly came from another new member of the community.

In February of this year, the same user Jia Tan had already submitted changes to two versions of xz Utils (5.6.0 and 5.6.1), which carried the backdoor that has since been discovered. This vulnerability allows an attacker to connect via SSH to devices running these versions of the software and bypass the authentication process to take control of the system.

As Anjana Rajan, White House Assistant for Cybersecurity, admitted in statements to Politico, “This is like an insider threat in the open source ecosystem that we haven't seen before.” The often-discussed weaknesses of the open ecosystem, with software that anyone can see, use, edit or distribute, have also been strengths in the evolution of Linux, which relies on the knowledge of millions of technicians and leverages many eyes to debug errors and failures and to keep the system developing.

This time, someone who, according to many experts, could only have had the support of a state used this mechanism to gain the trust of the community and take advantage of the time constraints of the volunteers working on Linux development.

The issue affects many Linux distributions, such as Fedora Rawhide, Fedora 40 Beta, Kali Linux, openSUSE Tumbleweed, openSUSE MicroOS and experimental Debian distributions. The immediate solution for those affected is to downgrade the library to previous versions, although some experts say this is still not a 100% reliable guarantee that the problem will be completely contained.
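A quick host-side check, added here as an example and not part of the article or of the xz project: it flags the two xz Utils release versions the article names (5.6.0 and 5.6.1) as the ones to downgrade. The function names and the sample `xz --version` output it parses are constructed for this example. It only compares version strings, so a "not affected" verdict says nothing about a build that was patched or rebuilt under another version label; that is the gap the experts quoted above have in mind.

```shell
#!/bin/sh
# Added example (not from the article): report whether the xz binary on this
# host is one of the releases named as carrying the backdoor.
# Version strings 5.6.0 and 5.6.1 come from the article; everything else
# (function names, sample output format) is constructed for this example.

# Return 0 (true) when the version string is one of the affected releases.
xz_version_is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Pull the version number out of the first line of `xz --version` output,
# which looks like "xz (XZ Utils) 5.6.1" (sample format assumed here).
xz_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/.*) \([0-9][0-9.]*\).*/\1/p'
}

# Check the installed xz. Exit status: 0 affected, 1 not affected, 2 no xz found.
check_installed_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not installed"
        return 2
    fi
    ver=$(xz_version_from_output "$(xz --version 2>/dev/null)")
    if xz_version_is_affected "$ver"; then
        echo "xz $ver: affected release, downgrade to an earlier version"
        return 0
    fi
    echo "xz $ver: not one of the affected releases (version check only)"
    return 1
}

# Run the check when this file is executed directly as xz_check.sh;
# when sourced for its functions, do nothing.
case "$0" in
    *xz_check.sh) check_installed_xz ;;
esac
```

Save it as `xz_check.sh` and run it with `sh xz_check.sh`; the exit status makes it usable from a fleet-wide inventory script as well.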

Still, the fact that this backdoor was discovered before the affected version of xz Utils was added to production builds of Linux means that it “did not affect anyone in real life,” Will Dormann, senior analyst at Analygence, told Ars Technica. But the discoverer himself admits that if the flaw had not been found at this stage, it could have had “catastrophic effects on the world.”

By Chris Skeldon