oss-sec mailing list archives
Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git
From: Alejandro Colomar <alx () kernel org>
Date: Wed, 10 Apr 2024 13:28:39 +0200
On Wed, Apr 10, 2024 at 05:16:52AM +0200, Alejandro Colomar wrote:
Hi! Regarding <https://tukaani.org/xz-backdoor/> I've been researching xz.git to learn about this malicious actor, and who he might have worked for. This Jia Tan seems to work mostly with the +0800 timezone: $ git log --all --author 'Jia Tan' \ | grep ^Date \ | grep -o '[+-][0-9][0-9][0-9]0' \ | sort \ | uniq -c; 4 +0200 10 +0300 676 +0800 According to <https://www.timeanddate.com/time/map/>, in the summer, +0800 corresponds to China, or Taiwan, or Hong Kong, or Irkutsk (Russia), or Philippines or other small countries around it. None of the regions in +0800 use DST.
For completeness, the list of tz database time zones that have +0800, according to <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>, are: AQ Antarctica/Casey BN Asia/Brunei MN Asia/Choibalsan CN Asia/Chongqing CN Asia/Chungking CN Asia/Harbin HK Asia/Hong_Kong RU Asia/Irkutsk MY Asia/Kuala_Lumpur MY, BN Asia/Kuching MO Asia/Macao MO Asia/Macau ID Asia/Makassar PH Asia/Manila CN Asia/Shanghai SG, MY Asia/Singapore TW Asia/Taipei ID Asia/Ujung_Pandang MN Asia/Ulaanbaatar MN Asia/Ulan_Bator AU Australia/Perth AU Australia/West HK Hongkong CN PRC TW ROC SG Singapore
+0300 corresponds to, among others, Israel and Moscow, and then a bunch
And the time zones that have +0300 in the summer and +0200 in the winter are: EG Africa/Cairo LB Asia/Beirut CY Asia/Famagusta PS Asia/Gaza PS Asia/Hebron IL Asia/Jerusalem CY Asia/Nicosia IL Asia/Tel_Aviv EG Egypt GR Europe/Athens RO Europe/Bucharest MD Europe/Chisinau FI, AX Europe/Helsinki UA Europe/Kiev UA Europe/Kyiv AX Europe/Mariehamn CY Europe/Nicosia LV Europe/Riga BG Europe/Sofia EE Europe/Tallinn MD Europe/Tiraspol UA Europe/Uzhgorod LT Europe/Vilnius UA Europe/Zaporozhye IL Israel -- <https://www.alejandro-colomar.es/>
Attachment:
signature.asc
Description:
Current thread:
- Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar (Apr 10)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar (Apr 10)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Joey Hess (Apr 10)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar (Apr 10)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Vegard Nossum (Apr 10)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar (Apr 10)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Solar Designer (Apr 10)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer (Apr 11)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar (Apr 11)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer (Apr 12)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar (Apr 12)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer (Apr 13)
- Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer (Apr 11)