• shotgun_crab@lemmy.world
    link
    fedilink
    arrow-up
    49
    ·
    edit-2
    9 months ago

    Still paniking, cause the backdoor was apparently targetting Debian servers, it was discovered just by chance and the “mantainer” made commits for 2 years in the same repo

      • dan@upvote.au
        link
        fedilink
        arrow-up
        28
        ·
        9 months ago

        and it was only discovered accidentally, when someone was profiling some stuff, noticed SSH using a bit too much CPU power when receiving connections even for invalid usernames/passwords, and spent the time to investigate it more deeply. A lot of developers aren’t that attentive, and it could have easily snuck through.