The process of placing vulnerabilities in the xz project is considered a major cyber attack effort. If this attack is successful, it will create a secret path for bad actors to easily access countless servers. The first person to discover this path was Andres Freund, a programmer at Microsoft who found a vulnerability while testing PostgreSQL, his main job. After the report of this vulnerability, many praised him as an internet hero.
Freund admitted feeling strange about suddenly becoming well-known because he tends to keep to himself. The initial discovery of this secret path was triggered by a warning message in the PostgreSQL automate test system, displaying an unfamiliar message. Upon investigation, it was found that the secure shell consumed more CPU than usual. He then shared this information with security researchers, providing evidence of a deliberate establishment of a secret path.
Despite Freund’s reluctance for fame, Satya Nadella directly praised him, along with cybersecurity expert Alex Stamos. Freund has since returned to developing PostgreSQL, attempting to send patches in a timely manner.
Source: The New York Times
TLDR: Discovering vulnerabilities in the xz project led to Andres Freund being hailed as an internet hero, despite his initial reluctance for recognition. Satya Nadella and Alex Stamos commended him for his efforts in cybersecurity.
Leave a Comment