Atemu@lemmy.ml to Linux@lemmy.ml · 8 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square100fedilinkarrow-up1508arrow-down15cross-posted to: netsec@links.hackliberty.orgselfhosted@lemmy.worldlinux@lemmy.worldprogramming@programming.devcybersecurity@sh.itjust.workshackernews@lemmy.smeargle.fanssecurity@lemmy.ml
arrow-up1503arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 8 months agomessage-square100fedilinkcross-posted to: netsec@links.hackliberty.orgselfhosted@lemmy.worldlinux@lemmy.worldprogramming@programming.devcybersecurity@sh.itjust.workshackernews@lemmy.smeargle.fanssecurity@lemmy.ml
minus-squaredan@upvote.aulinkfedilinkarrow-up70·8 months agoThis is the best post I’ve read about it so far: https://boehs.org/node/everything-i-know-about-the-xz-backdoor
minus-squareDefederateLemmyMl@feddit.nllinkfedilinkEnglisharrow-up30·8 months ago In the fallout, we learn a little bit about mental health in open source. Reminded me of this, relevant as always, xkcd:
minus-squarelemmyreader@lemmy.mllinkfedilinkEnglisharrow-up3·8 months agoYes, exactly. And looking at you npm : npm
minus-squareWorseDoughnut 🍩@lemdro.idlinkfedilinkEnglisharrow-up15·8 months agoThat whole timeline is insane, and the fact that anyone even found this in the totally coincidental way they did is very lucky for the rest of us.
This is the best post I’ve read about it so far: https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Reminded me of this, relevant as always, xkcd:
Yes, exactly.
And looking at you npm : npm
That whole timeline is insane, and the fact that anyone even found this in the totally coincidental way they did is very lucky for the rest of us.