• Wes_Dev@lemmy.ml
    ↑54 · 6 months ago

    Let’s keep in mind that if this is a state actor or some sort of global organized crime, then they don’t put all their eggs into one basket. If that’s the case, they’re going to have a bunch of other plans and backdoor attempts ongoing. This isn’t the end and we can assume there’s something else somewhere that went unnoticed.

    Security is a constantly changing war of attrition, not a goal/product/configuration.

  • BestBouclettes@jlai.lu
    ↑21 ↓3 · 6 months ago

    If anything it highlights how great open source actually is when it comes to security. People saw it and immediately flagged it.

  • delirious_owl@discuss.online
    ↑12 ↓3 · 6 months ago

    Lost me at suggesting that we run EDR on prod Linux servers.

    Literally installing a backdoor intentionally…wow

  • tux@lemmy.world
    ↑4 · 6 months ago

    Wish I could be a fly on the wall when the bad actor realized years of work has just gone down the drain

    • pivot_root@lemmy.world
      ↑7 ↓2 · 6 months ago

      Probably fear, then subsequently followed by their brains next to you on said wall. Whichever government paid for a multi-year campaign to backdoor enterprise Linux distributions is not going to be happy about this failure.

  • NocturnalMorning@lemmy.world
    ↑5 ↓2 · 6 months ago

    What a dick. I couldn’t imagine spending that much time contributing to a project so I could introduce security vulnerabilities.

    If this is one individual, and not a nation state, somebody needs to make some friends and pick up some hobbies.

    • breadsmasher@lemmy.world
      ↑11 · 6 months ago

      I think it's more likely someone spent this time contributing to the project specifically to exploit it

      • NocturnalMorning@lemmy.world
        ↑1 · 6 months ago

        Yeah, I got that. I’m saying they need to make some friends and get some hobbies if they aren’t being funded by a state.