In this week’s newsletter: An unknown attacker carefully infiltrated Linux over Easter, and very nearly gained access to millions of computers – were it not for one mildly inconvenienced developer
• Don’t get TechScape delivered to your inbox? Sign up here
How was your Easter bank holiday? Did you use it well by, for instance, preventing a globally destructive cyber-attack? No? Try harder, then.
This weekend, a cautious, longstanding and very nearly successful attempt to insert a backdoor into a widely used piece of open-source software was thwarted – effectively by accident. From Dan Goodin at Ars Technica:
Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian.
Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it’s not really affecting anyone in the real world”, Will Dormann, a senior vulnerability analyst at security firm Analygence, said in an online interview. “BUT that’s only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”
Giving software away for free is great for a whole host of reasons – but quite bad at funding continued development of that software. There have been loads of attempts to fix that, from models of development where the software is free but the support is paid, to big companies directly hiring maintainers of important open-source projects. Lots of projects have ended up in a tip or supporter-focused model (remind you of anyone?), which can work for big complex tasks but falls down for some of the simplest – yet most widely used – pieces of work.
Microsoft will sell its chat and video app Teams separately from its Office product globally, the US tech giant said on Monday, six months after it unbundled the two products in Europe in a bid to avert a possible EU antitrust fine.
The European Commission has been investigating Microsoft’s tying of Office and Teams since a 2020 complaint by Salesforce-owned competing workspace messaging app Slack.
