it might be the biggest “cyber” story of the year 2024 already: buy this guy MANY MANY COFFEES! he spotted the problem via know how but also luck 😀

possible solutions:

  • mankind really has to
    • value the value of Open Source
    • get organized to avoid such problems in the future
    • the “multi eye ball” principle worked in this case but more or less by accident, because the attack was sophisticated, long-term and highly obfuscated

how to manually start sshd:

hostnamectl; # tested on
Operating System: Debian GNU/Linux 12 (bookworm) 
Kernel: Linux 6.1.0-18-amd64
Architecture: x86-64

service ssh stop

mkdir /run/sshd; time env -i LANG=C /usr/sbin/sshd -h /etc/ssh/ssh_host_ed25519_key;
real 0m0.006s
ps uax|grep ssh

killall sshd

mkdir /run/sshd; time env -i LANG=C TERM=bla /usr/sbin/sshd -h /etc/ssh/ssh_host_ed25519_key;
real 0m0.006s
ps uax|grep ssh
killall sshd


“In the cybersecurity world, a database engineer inadvertently finding a backdoor in a core Linux feature is a little like a bakery worker who smells a freshly baked loaf of bread, senses something is off and correctly deduces that someone has tampered with the entire global yeast supply.”

liked this article?

  • only together we can create a truly free world
  • plz support dwaves to keep it up & running!
  • (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
  • really really hate advertisement
  • contribute: whenever a solution was found, blog about it for others to find!
  • talk about, recommend & link to this blog and articles
  • thanks to all who contribute!