Hacker News | Deathcrow's comments

This is only correct if the sshd backdoor is the only malicious code introduced into the library.


Are there really failed login attempts? If it never calls the real functions of ssh in case of their own cert+payload, why would sshd log anything or even register a login attempt? Or does the backdoor function hook in after sshd already logged stuff?


I think it would depend on logging level, yeah. I’ve not seen one way or another whether it aborts the login process or prevents logging, but that’s possible, and would obviously be a good idea. Then the question would be if you could detect the difference between a vulnerability-aborted login attempt and just a malformed/interrupted login attempt.

But in the case of this specific attack, probably the safest approach would be to watch and track what processes are being spawned by sshd. Which in retrospect is probably advisable for any network daemon. (Of course, lots of them will be sloppy and messy with how they interact with the system and it might be next to impossible to tell attacks from “legit” behavior. But sshd is probably easier to pin down to what’s “safe” or not.)


Depending on log level, aren't there going to be lines up to receiving the payload?


Also, in a more optimistic scenario without sockpuppets, it's unlikely that malicious and underhanded contributions will be caught by anyone that isn't a security researcher.


>A very tight SELinux policy could catch sshd executing something that ain’t a shell but hardening to that degree would be extremely rare I assume.

Huh, ssh executes things that aren't shells all the time during normal operation. No? i.e. 'ssh myserver.lan cat /etc/fstab'


I believe cat will be executed in the shell.


No one can do what you suggest. It's nonsense.


Companies that abuse on-call duty for planned maintenance suck. If it's something predictable or plannable, it's not on call. Hire people to work that day.


Facebook has probably killed more people with face detection and name tagging in photos alone.


If even only half the material presented in "The social dilemma" was credible, Meta have absolutely been knowingly responsible for more harm than KF. I don't know what the right solution is.


>Is this real? I'm having trouble believing this shit.

Yes it's real and if you think making and distributing homemade hormones to children is vile and dangerous, you're apparently a transphobe nowadays.


Yup. IMHO spam has become so good at mimicking genuine content, it's hard to recognize even for a human curator. There are so many websites in the top Google results that I'm sure are entirely AI generated, which exist for the sole purpose of propagating affiliate links and ads.


Yes. It's like the results when people realized you could have a classifier trained to match a person's face, reversed to generate a new face based on the classifier. There are a few extra steps, but the web is just recipe sites and product reviews that look like what the Google ranking algorithm's idealized site looks like.


I'm sure those statistics are entirely real and not pulled out of his ass at all.

Also didn't Planetary Annihilation have that awful chromium based UI?

