|
Message-ID: <ZhZ35yK_jt2nlegH@debian>
Date: Wed, 10 Apr 2024 13:28:39 +0200
From: Alejandro Colomar <alx@...nel.org>
To: oss-security@...ts.openwall.com
Cc: Sam James <sam@...too.org>, Joey Hess <id@...yh.name>,
Jonathan Nieder <jrnieder@...il.com>,
Andres Freund <andres@...razel.de>,
Lasse Collin <lasse.collin@...aani.org>, xz@...aani.org,
secalert@...hat.com, team@...urity.debian.org
Subject: Re: Analysis on who is Jia Tan, and who he could work for, reading
xz.git
On Wed, Apr 10, 2024 at 05:16:52AM +0200, Alejandro Colomar wrote:
> Hi!
>
> Regarding <https://tukaani.org/xz-backdoor/>
>
> I've been researching xz.git to learn about this malicious actor, and
> who he might have worked for.
>
> This Jia Tan seems to work mostly with the +0800 timezone:
>
> $ git log --all --author 'Jia Tan' \
> | grep ^Date \
> | grep -o '[+-][0-9][0-9][0-9]0' \
> | sort \
> | uniq -c;
> 4 +0200
> 10 +0300
> 676 +0800
>
> According to <https://www.timeanddate.com/time/map/>, in the summer,
> +0800 corresponds to China, or Taiwan, or Hong Kong, or Irkutsk (Russia),
> or Philippines or other small countries around it. None of the regions
> in +0800 use DST.
For completeness, the list of tz database time zones that have +0800,
according to
<https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>, are:
AQ Antarctica/Casey
BN Asia/Brunei
MN Asia/Choibalsan
CN Asia/Chongqing
CN Asia/Chungking
CN Asia/Harbin
HK Asia/Hong_Kong
RU Asia/Irkutsk
MY Asia/Kuala_Lumpur
MY, BN Asia/Kuching
MO Asia/Macao
MO Asia/Macau
ID Asia/Makassar
PH Asia/Manila
CN Asia/Shanghai
SG, MY Asia/Singapore
TW Asia/Taipei
ID Asia/Ujung_Pandang
MN Asia/Ulaanbaatar
MN Asia/Ulan_Bator
AU Australia/Perth
AU Australia/West
HK Hongkong
CN PRC
TW ROC
SG Singapore
>
> +0300 corresponds to, among others, Israel and Moscow, and then a bunch
And the time zones that have +0300 in the summer and +0200 in the
winter are:
EG Africa/Cairo
LB Asia/Beirut
CY Asia/Famagusta
PS Asia/Gaza
PS Asia/Hebron
IL Asia/Jerusalem
CY Asia/Nicosia
IL Asia/Tel_Aviv
EG Egypt
GR Europe/Athens
RO Europe/Bucharest
MD Europe/Chisinau
FI, AX Europe/Helsinki
UA Europe/Kiev
UA Europe/Kyiv
AX Europe/Mariehamn
CY Europe/Nicosia
LV Europe/Riga
BG Europe/Sofia
EE Europe/Tallinn
MD Europe/Tiraspol
UA Europe/Uzhgorod
LT Europe/Vilnius
UA Europe/Zaporozhye
IL Israel
--
<https://www.alejandro-colomar.es/>
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.