| INDEX | April 6, 2024 | |
| Buy this man a drink! He saved the internet | ||
| I have often posted about the use by so called 'intelligence' agencies of backdoors. Those who take an interest in this seemingly arcane subject (but really one of the most significant threats to personal liberty in these dangerous times) probably thought this was all about internet organisations making it possible for their systems to be infiltrated by state actors.
This must be a real threat judging by the fuss being kicked up in America about TickTock. Clearly the Americans believe that TickTock data will leak out to the Chinese government. And they believe this because they are already obtaining the same kind of data from American based software outfits. But there are other kinds of backdoors and it is possible they are even more significant. One was spotted by a guy called Andres Freund, an engineer at Microsoft. Yes sometimes, even Microsoft can be the good guys. Andres noticed that SSH was running 500 milliseconds slower than expected. Investigation revealed that malicious software had been embedded into ZX Utils, part of the Linux code that runs much of the internet. This backdoor would have permitted the theft of encrypted data or given the ability to enter viruses. The code was extremely clever, too clever by half; since its sophistication slowed execution allowing Mr Freund to spot the 500 milliseconds delay. Forensic investigation revealed that work on the malicious software tended to stop on days where there were public holidays in Eastern Europe; so it was fairly evident it had nothing to do with the Russians. That would be too easy. But one thing is certain. "The world owes Andres unlimited free beer, said Kevin Beaumont, a cyber security specialist. "He just saved everyone's arse in his spare time." Source: The Economist April 6th 2024, page 74. | ||
| INDEX Jonathan Brind |
April 6, 2024 | |