Anyone who works deep in the tools that run the internet will point out that it is not a good machine that runs without any major problem.

Rather, it is a collection of disorganized parts assembled over decades, held together only by the digital equivalent of tape and a coat of mascara. Much of it depends on open-source software that is kept functional by a small group of volunteer programmers who fix bugs, correct errors and make sure it is well designed, and that has been generating billions of dollars of global gross domestic product for a long time.

It's very likely that one of those programmers came across a major problem on the internet in the past week.

His name is Anders Freund. He is a 38-year-old software engineer who lives in San Francisco and works at Microsoft. Part of his work consists of developing PostgreSQL, a well-known piece of open-source software for managing databases. If you can properly explain what this program does (although it can't be done conclusively), the only test is to log errors.

Recently, while performing some routine maintenance tasks, he discovered, without meaning to, a backdoor hidden in a piece of software that is part of the Linux operating system. The backdoor may have been the prelude to a significant cyberattack which, according to experts, could have caused serious damage had it been carried out.

Now, in a turn worthy of Hollywood, several tech industry leaders and cybersecurity researchers have hailed him as a hero. Satya Nadella, the CEO of Microsoft, praised his “curiosity and excitement.” A fan described him as the “Gorilla Leader of the Nerds.” Among developers, the talk has centered on an old web comic, popular among programmers, whose premise is that modern digital infrastructure depends on a project maintained by some other person in Nebraska (according to them, Freund is that guy).

In an interview this week, Freund — who actually got his start as a programmer in Germany, says he's cute and didn't want a photo taken for this article — commented that turning into an internet celebrity had caused him a lot of confusion.

“I have a lot of extra money,” he said. “I'm a very memorized person who sits in front of the computer and produces code.”

The story itself began a year ago, during a trip home after visiting his parents in Germany. While reviewing an automated test log, he noticed a large number of error messages he did not recognize. At that moment, given the effects of the time difference, the messages did not seem urgent, and he filed them away in his memory.

But several weeks later, while running other tests at home, he noticed that the SSH connection application, which is used to log into remote computers, was using more processing power than usual. Searching for the root of the problem, he arrived at a set of data compression tools called xz Utils, and wondered whether they were related to the errors he had encountered before.

(Don't worry if these names sound like Chinese to you; in fact, you just need to know that they are small parts of the Linux operating system, which could be regarded as the world's most important open-source program. The great majority of the world's servers—including those used by banks, hospitals, government, and Fortune 500 companies—run Linux, which is why its security is of global importance.)

As with other popular open-source software, Linux is updated frequently, and most bugs tend to be subtle. However, when Freund examined the xz Utils code more closely, he found traces suggesting that it had been intentionally altered by someone else.

In particular, he discovered that someone had planted malicious code in newer versions of xz Utils. The code, created as a backdoor, allows its creator to hijack a user's SSH connection and secretly run their own code on that user's machine.

At first, Freund doubted what he was seeing. Had he really discovered a backdoor in one of the most important open-source programs in the world?

“It felt surreal,” he recounted. “I have often thought that this is bad sleep and delirium.”

But as his analysis went on, new evidence kept emerging, until last week Freund shared his findings with a group of open-source developers. The news was quick to cause alarm in the technology world. Within just a few hours, a fix was created, and some researchers credited Freund with averting a potentially historic hack.

Nobody knows who is behind the backdoor. Apparently, the plan was so detailed that some researchers are convinced that only a nation with enormous capabilities for conceiving cyberattacks, like Russia or China, could have attempted it.

According to some researchers who reviewed the evidence, everything seems to indicate that the attacker used a fake name, “Jia Tan”, to suggest changes to xz Utils starting in 2022 (many open-source software projects work this way: developers suggest changes to the software's code, and more experienced programmers review and correct the changes).

It is believed that the attacker, using the name Jia Tan, worked over many years to gradually gain the trust of other xz Utils developers, gain greater control over the project, climb its internal ranks, and finally insert the code with the hidden backdoor this same year (although the new, manipulated version of the code had already been released, it was not yet in widespread use).

Freund said that since the attack became public, he has dedicated himself to helping those attempting to reverse-engineer the attack and identify the culprit. So he has been too busy to rest on his laurels. The next version of PostgreSQL, the database management software he works on, will become available later this year, and he is looking to get in some last-minute changes before the deadline.

“In reality, there is no time to go to one job to celebrate,” he says.

Kevin Rose is a technology columnist for The Times and a host of the podcast Hard Fork.



