• tal
    7 months ago

    Apparently the backdoor reverts back to regular operation if the payload is malformed or the signature from the attacker’s key doesn’t verify. Unfortunately, this means that unless a bug is found, we can’t write a reliable/reusable over-the-network scanner.

    Maybe not. But it does mean that you can write a crawler that slams the door shut for the attacker on any vulnerable systems.

    EDIT: Oh, maybe he just means that it reverts for that single invocation.