From: Loganaden Velvindron
Date: Wed, 17 Apr 2024 18:52:11 +0400
To: oss-security@lists.openwall.com
Subject: Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise

>
> Concerning, yes, but not quite the "Jia Tan" /modus operandi/---"Jia"
> seems to have been contributing patches for some time (with sockpuppets
> pushing their acceptance as needed) before making a move to be appointed
> co-maintainer of xz. This looks to me like the common cybercrooks have
> seen the technique, decided that it sounds like a great idea, and are
> now trying to use it, but do not have the patience that the "Jia Tan"
> gang had. In other words, now the "Nigerian Princes" want to help you
> maintain your project, just give them write access to the source
> repository up front. :-P
>

Hi. Not all Africans try to scam people. There are people in Africa who
contribute to Linux and Open Source software such as auditing compression
libraries for similar backdoors.

(I'm from an African country - Mauritius - and we have a vibrant
community of FOSS contributors ...)