@GossiTheDog @emberquill I am just learning about this same as every one else, but these kinds of attacks seem to be high effort, high risk since its public with a good audit trail and all it takes is one curious soul to say "hmm that's weird" to blow the whole thing up. I don't know if there are other better hidden ops out there, but the ones that are confirmed seem to get detected within days and weeks, rarely months and years, or at least that's the layman's impression I have. Is it worth it?
@raven667 @GossiTheDog Debian-unstable was vulnerable for a whole month, and the only reason why this exploit was noticed at all was because one person thought their ssh authentication was too slow and started investigating.
It could have easily remained unnoticed for another month or two.