I'm a little out of touch, but for over a decade I'd say half the boxes I touche... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		BuildTheRobots on March 31, 2024 \| parent \| context \| favorite \| on: XZ backdoor: "It's RCE, not auth bypass, and gated... I'm a little out of touch, but for over a decade I'd say half the boxes I touched either didn't have enough entropy or were trying to do rDNS for (internal) ranges to servers that didn't host it and is nearly always hand waved away by the team running it as NFN. That is to say, a half-second pause during the ssh login is absolutely the _least_ suspicious place place for it to happen and I'm somewhat amazed anyone thought to go picking at it as quickly as they did.

dannyw on March 31, 2024 [–]

What led to continuous investigation wasn't just the 500ms pause, but large spikes in CPU activity when sshd was invoked, even without a login attempt.

BuildTheRobots on March 31, 2024 | [–]

What lead to it was the fact he was already micro-benchmarking postgresql along with a couple of other bits of fluke. We were all extremely lucky.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact