A backdoor in xz

Posted Mar 30, 2024 8:14 UTC (Sat) by niner (subscriber, #26151)
In reply to: A backdoor in xz by diegor
Parent article: A backdoor in xz

There are a lot more Linux boxes than Windows boxes. It's just that a lot of them are virtual and there are more non-desktop than desktop ones.

A backdoor in xz

Posted Mar 30, 2024 9:39 UTC (Sat) by geuder (subscriber, #62854) [Link] (4 responses)

Really? I mean Linux boxes having a stable, public IPv4 address and exposing sshd. Not counting Android and other embedded stuff.

I have no statistics whatsoever at hands. On one side it sounds unbelievable that you need more servers than people to serve. On the other hand computing has become such a waste of resources that I wouldn't be too surprised if you were correct.

A backdoor in xz

Posted Mar 30, 2024 9:52 UTC (Sat) by niner (subscriber, #26151) [Link] (1 responses)

Why not count embedded stuff? From Wifi routers to TVs to security cameras to light bulbs, they are running Linux and compromising them can give you a foot hold in a network.
Then of course there are millions and millions of systems comprising the cloud.

A backdoor in xz

Posted Mar 30, 2024 12:55 UTC (Sat) by geuder (subscriber, #62854) [Link]

In general yes. But I thought here we were discussing the concrete attack to get a backdoor into sshd.

I don't think a lot of those systems listen to the internet using sshd.

Of course with the hundreds of commits by the maintainer account in question it's not impossible that sshd is only the first attack vector found and there are also others.

A backdoor in xz

Posted Mar 30, 2024 13:24 UTC (Sat) by pawel44 (guest, #162008) [Link] (1 responses)

You need Linux servers to scan the web for Windows viruses. Furthermore, if we count Android the answer is clear.

A backdoor in xz

Posted Mar 30, 2024 14:39 UTC (Sat) by smurf (subscriber, #17840) [Link]

On the other hand, stock Android doesn't run a ssh server.