 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
The story about the Linux xz backdoor exploit transforms our open source world into a human drama as compelling as any fiction.
Our story begins with a mysterious maintainer who has planted a backdoor. The backdoor only works under certain circumstances, but when it does, access gets granted to a place where they are not supposed to enter — at all.
As Joab Jackson writes, think of it as someone whose home got robbed. Except they have no clue when it happened or what was stolen.
But no secret can be kept forever, especially when a diligent soul’s curiosity leads to an odd discovery.
It’s the equivalent of someone working, let’s say, in a castle (enterprise). They’re doing their job, organizing, maintaining and cleaning up. One day, they notice a big cabinet out of place. They bump the cabinet, and a door appears.
The discovery is startling and disturbing. Who made that door? Where does the path lead behind the door? Has a burglar been in the castle? How long has the door been there?
Now, the threat is real. The castle no longer feels safe, and the danger feels palpable. There are clues. People who have spent time in the castle come forward to tell their stories. Staff checks the records. They learn of an employee who worked for them under a false name.
We see that now in the emerging story about the Linux xz back door. The complexity deepens with each passing day.
We hear so much about trust, but the concept evokes nothing without a story. Crime dramas, adventure stories, and fantasy — all hinge on the characters, storylines and relationships. The same is true in the Linux world, where we now see the more profound impacts of trickery and manipulation and how that combination plays when targeting a victim to get access deep into the castle.
I can see the show:
“So, Jane, did we seal the perimeter?” asks Detective Susan Jenkins.
“Yes, but we’ve got a problem, Detective,” said Inspector Jane Franklin.
“What’s that?”
“First off, we have figured out what triggers the backdoor,” Franklin said.
“That’s good,” Jenkins said.
“Well, we have no idea if this is the only backdoor,” Franklin said. “And this castle is the size of New Jersey.”
“Shit,” Jenkins said. “What else?”
“There are tens of thousands of castles just like this one,” Franklin said. “And they may all have backdoors, too.”
“No way,” Jenkins said. “Dammit — I don’t want even to begin to get upset that every dang castle owner downloads that manual crap for their new doorbell, Who the hell cares if it can compress the image faster.”
“Goddamn injection vectors,” Franklin said. “Just scan them already!”
“Who’ve we got to talk to?” Jenkins asked.
“Well, this is where it gets weird, Detective,” Franklin said. “It looks like we have a dude who does all the work in the castle but got burned and burned badly.”
“By who?” Jenkins asked.
“We’re not sure. Looks like a major criminal network — or even a nation-state.”
To be continued…
