this post was submitted on 16 Jan 2025
420 points (96.3% liked)

Memes

[–] AnnaFrankfurter@lemmy.ml 24 points 11 months ago (1 children)

Hey, we need people like that. Remember when an autistic person discovered a few hundred millisecond delay in ssh, which uncovered the Jia Tan backdoor?

[–] ravermeister@lemmy.rimkus.it 3 points 11 months ago (1 children)

Is there an article about that? I would like to read some more about this topic 😊

[–] AnnaFrankfurter@lemmy.ml 2 points 11 months ago* (last edited 11 months ago) (1 children)

This is the original email by the person who discovered this backdoor. But if you want you can search for xz backdoor and you'll find a lot more articles which explain timelines and other things. https://www.openwall.com/lists/oss-security/2024/03/29/4

 == Observing Impact on openssh server ==

With the backdoored liblzma installed, logins via ssh become a lot slower.

time ssh nonexistant@...alhost

before:
nonexistant@...alhost: Permission denied (publickey).

real	0m0.299s
user	0m0.202s
sys	0m0.006s

after:
nonexistant@...alhost: Permission denied (publickey).

real	0m0.807s
user	0m0.202s
sys	0m0.006s

That's a 500ms or 0.5s difference

[–] ravermeister@lemmy.rimkus.it 2 points 11 months ago

Thanks 🙏👌✌️