19 min
XZ Utils Hack Let's Know Things
-
- News Commentary
This week we talk about Linux, backdoors, and the Open Source community.
We also discuss CPU usage, state-backed hackers, and SSH.
Recommended Book: The Underworld by Susan Casey
Transcript
In the world of computers, a "backdoor" is a means of accessing a device or piece of software via an alternative entry point that allows one to bypass typical security measures and often, though not always, to do so in a subtle, undetected and maybe even undetectable manner.
While backdoors can be built into hardware and software systems by the companies that make those devices and apps and bits of internet architecture, and while some governments and agencies, including the Chinese government, and allegedly folks at the NSA, have at times installed backdoors in relevant hardware and software for surveillance purposes, backdoors are generally the domain of tech-oriented criminals of various stripes, most of whom make use of vulnerabilities that are baked into their targets in order to gain access, and then while inside the administration components of a system, they write some code or find some kind of management lever meant to give the company or other entity behind the target access for non-criminal, repair and security purposes, and that then allows them to continue to gain access in the future; like using a rock to prop open a door.
Concerns over a backdoor being installed in vital systems is fundamental to why the US and European governments have been so hesitant to allow Chinese-made 5G hardware into their wireless communication systems: there's a chance that, with the aid, or perhaps just at the prodding of the Chinese government, such hardware, or the software it utilizes, could contain a Trojan or other packet of code, hidden from view and hardcoded into the devices in some covert manner; these devices could also harbor even smaller devices, indistinguishable from hardware that's meat to be there, that would allow them to do the same via more tangible means.
Though there were almost certainly other economic and technology-dominance reasons for the clampdown on products made by Chinese tech company Huawei beginning in earnest in 2012, and escalating rapidly during the US Trump administration, that process was at least ostensibly tied to worries that a Chinese company, prone to spying and stealing foreign tech, already, might incorporate itself into fundamental global communication infrastructure.
It was underpricing everybody else, offering whizbang new high-end 5G technology at a discount, and supposedly, if the accusations are true, at least, doing so as part of a bigger plan to tap into all sorts of vital aspects of these systems, giving them unparalleled access to all communications, basically, but also giving them the ability, supposedly, to shut down those systems with the press of a button in the event that China wants or needs to do so at some point, if they ever decide to invade Taiwan, for instance, and want to distract the Western world until that invasion is complete, or just make rallying a defense a lot more difficult.
Other, confirmed and successfully deployed backdoors have been found in all sorts of products, ranging from counterfeit Cisco network products, like routers and modems, some of which were installed in military and government facilities back in 2008 before they were recognized for what they were, to Microsoft software, Wordpress plugins, and a brand of terminals that manage the data sent along fiber-optic cables, mostly for high-speed internet purposes.
Again, in some cases, the entities making these products sometimes do install what are literally or essentially backdoors in their hardware and software because it allows them to, for instance, help their customers retrieve lost passwords, fix issues, install security updates, and so on.
But backdoors of any shape or size are considered to be major security vulnerabilities, as stealing a password or getting access to a vital terminal could then grant so
This week we talk about Linux, backdoors, and the Open Source community.
We also discuss CPU usage, state-backed hackers, and SSH.
Recommended Book: The Underworld by Susan Casey
Transcript
In the world of computers, a "backdoor" is a means of accessing a device or piece of software via an alternative entry point that allows one to bypass typical security measures and often, though not always, to do so in a subtle, undetected and maybe even undetectable manner.
While backdoors can be built into hardware and software systems by the companies that make those devices and apps and bits of internet architecture, and while some governments and agencies, including the Chinese government, and allegedly folks at the NSA, have at times installed backdoors in relevant hardware and software for surveillance purposes, backdoors are generally the domain of tech-oriented criminals of various stripes, most of whom make use of vulnerabilities that are baked into their targets in order to gain access, and then while inside the administration components of a system, they write some code or find some kind of management lever meant to give the company or other entity behind the target access for non-criminal, repair and security purposes, and that then allows them to continue to gain access in the future; like using a rock to prop open a door.
Concerns over a backdoor being installed in vital systems is fundamental to why the US and European governments have been so hesitant to allow Chinese-made 5G hardware into their wireless communication systems: there's a chance that, with the aid, or perhaps just at the prodding of the Chinese government, such hardware, or the software it utilizes, could contain a Trojan or other packet of code, hidden from view and hardcoded into the devices in some covert manner; these devices could also harbor even smaller devices, indistinguishable from hardware that's meat to be there, that would allow them to do the same via more tangible means.
Though there were almost certainly other economic and technology-dominance reasons for the clampdown on products made by Chinese tech company Huawei beginning in earnest in 2012, and escalating rapidly during the US Trump administration, that process was at least ostensibly tied to worries that a Chinese company, prone to spying and stealing foreign tech, already, might incorporate itself into fundamental global communication infrastructure.
It was underpricing everybody else, offering whizbang new high-end 5G technology at a discount, and supposedly, if the accusations are true, at least, doing so as part of a bigger plan to tap into all sorts of vital aspects of these systems, giving them unparalleled access to all communications, basically, but also giving them the ability, supposedly, to shut down those systems with the press of a button in the event that China wants or needs to do so at some point, if they ever decide to invade Taiwan, for instance, and want to distract the Western world until that invasion is complete, or just make rallying a defense a lot more difficult.
Other, confirmed and successfully deployed backdoors have been found in all sorts of products, ranging from counterfeit Cisco network products, like routers and modems, some of which were installed in military and government facilities back in 2008 before they were recognized for what they were, to Microsoft software, Wordpress plugins, and a brand of terminals that manage the data sent along fiber-optic cables, mostly for high-speed internet purposes.
Again, in some cases, the entities making these products sometimes do install what are literally or essentially backdoors in their hardware and software because it allows them to, for instance, help their customers retrieve lost passwords, fix issues, install security updates, and so on.
But backdoors of any shape or size are considered to be major security vulnerabilities, as stealing a password or getting access to a vital terminal could then grant so
19 min