PLEASE. I keep seeing it in memes. As I understand it the latest version of the xz package (present in rolling release distros like Arch and SUSE Tumbleweed) has “a backdoor”, but I have no earthly clue what can be done by malicious folks with access to that backdoor or if I should be afraid or how to check if my distro is compromised or how to prevent damage if it is or (…)

  • Fecundpossum@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    8 months ago

    Chances are very, very high, that you are not nearly interesting enough to warrant someone utilizing said back door to discover your stash of furry lewds. The primary target for an exploit like this, is either nation state level (industrial/political espionage, tampering with financial markets, etc.) or criminal enterprise level going after high value targets. Trying to dragnet every random whoever to see if they have data worth compromising wouldn’t be much of a money maker.

    That said, this is one of the dangers of using a rolling release. I was running endeavourOS and was likely exposed to the back door for a while. I’ve since switched back to Fedora, which was only exposed on its testing branch (rawhide).

    • hydroptic@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      0
      ·
      8 months ago

      The backdoor’s probably not “installed” on anything but Debian & distros that use RPM so Arch would probably have been fine just due to that alone, see eg. this HN comment which summarizes things pretty well.