0 views collected around this technical thread.
The article recounts a real‑world incident where a device’s MAC address could not be changed because a previous engineer deliberately disabled the relevant function, discusses the discovery of the backdoor code, and examines the legal and ethical implications of such intentional vulnerabilities.
Red Hat’s emergency advisory (CVE‑2024‑3094) warns that malicious code was inserted into xz‑utils 5.6.0/5.6.1, creating a remote‑access backdoor that affects only Fedora 41 and Rawhide, traced to attacker JiaT75 who compromised the Tukaani project for three years before GitHub disabled the repository.
A recent security analysis reveals how a malicious contributor infiltrated the open‑source xz compression tool over two and a half years, inserted a backdoor using IFUNC hooks to compromise OpenSSH, and was eventually uncovered due to a CPU‑spike bug, highlighting severe risks for Linux and macOS systems.
The article recounts real-world examples of hidden backdoors in software—from an Android ROM project and Ken Thompson’s compiler-level exploit—to discuss their legal ambiguity in China, highlight the challenges of detection, and conclude with a call for developers to share their own experiences, alongside a promotional Python course.
This article shares three intriguing Zhihu answers that illustrate how developers embed hidden backdoors in software—from contract‑related ROM hacks to compiler‑level exploits—while discussing Chinese legal interpretations and the varying technical sophistication of such vulnerabilities.
The article recounts three Zhihu answers that illustrate how hidden backdoors are used in software projects to secure payments, discusses the ambiguous legal status of such practices in China, and explores historic and advanced backdoor techniques ranging from driver‑level tricks to compiler‑injected vulnerabilities.
This article walks through the discovery, reverse‑engineering, and full reproduction of a malicious Nginx backdoor, detailing its cookie‑based trigger, shell‑reversal mechanism, code analysis, compilation steps, and detection methods for security researchers.
A recent security advisory reveals that popular remote terminal Xshell versions contain a backdoor in the nssock2.dll component, enabling shellcode to harvest host information, generate monthly DGA domains, and potentially expose sensitive data, prompting immediate version checks and upgrades.