Hacker News: Deathcrow

New comment by Deathcrow in "XZ backdoor: "It's RCE, not auth bypass, and gated/unreplayable.""

Deathcrow — Sun, 31 Mar 2024 06:47:11 +0000

This is only correct if the sshd backdoor is the only malicious code introduced into the library.

New comment by Deathcrow in "XZ backdoor: "It's RCE, not auth bypass, and gated/unreplayable.""

Deathcrow — Sun, 31 Mar 2024 06:13:30 +0000

Is there really a failed login attempts? If it never calls the real functions of ssh in case of their own cert+payload why would sshd log anything or even register a login attempt? Or does the backdoor function hook in after sshd already logged stuff?

New comment by Deathcrow in "XZ backdoor: "It's RCE, not auth bypass, and gated/unreplayable.""

Deathcrow — Sun, 31 Mar 2024 05:59:03 +0000

Also, in a more optimistic scenario without sockpuppets, it's unlikely that malicious and underhanded contributions will be caught by anyone that isn't a security researcher.

New comment by Deathcrow in "XZ backdoor: "It's RCE, not auth bypass, and gated/unreplayable.""

Deathcrow — Sun, 31 Mar 2024 05:51:34 +0000

>A very tight SELinux policy could catch sshd executing something that ain’t a shell but hardening to that degree would be extremely rare I assume.

Huh, ssh executes things that aren't shells all the time during normal operation. No? i.e. 'ssh myserver.lan cat /etc/fstab'

New comment by Deathcrow in "Everything authenticated by Microsoft is tainted"

Deathcrow — Fri, 29 Sep 2023 17:40:13 +0000

no one can do what you suggest. it's nonsense.

New comment by Deathcrow in "Patch OpenSSL on November 1 to avoid “critical” security vulnerability"

Deathcrow — Sat, 29 Oct 2022 17:24:49 +0000

companies that abuse on call duty for planned maintenance suck. If it's something predictable or plannable, it's not on call. Hire people to work that day.

New comment by Deathcrow in "Kiwi Farms is down across all domains as DDoS-Guard terminates service"

Deathcrow — Mon, 05 Sep 2022 18:49:24 +0000

Facebook has probably killed more people with face detection and name tagging in photos alone.

New comment by Deathcrow in "Blocking Kiwifarms"

Deathcrow — Sun, 04 Sep 2022 14:52:15 +0000

>Is this real? I'm having trouble believing this shit.

Yes it's real and if you think making and distributing homemade hormones to children is vile and dangerous, you're apparently a transphobe nowadays.

New comment by Deathcrow in "Google Search Is Dying"

Deathcrow — Tue, 15 Feb 2022 21:06:09 +0000

Yup. IMHO spam has become so good at mimicking genuine content, it's hard to recognize even for a human curator. There's so many websites in the top google results that I'm sure are entirely AI generated, which exist for the sole purpose to propagate affiliate links and ads.

New comment by Deathcrow in "Game dev: Linux users were only 0.1% of sales but 20% of crashes and tickets"

Deathcrow — Mon, 07 Jan 2019 16:31:29 +0000

I'm sure those statistics are entirely real and not pulled out of his ass at all.

Also didn't Planetary Annihilation have that awful chromium based UI?