2024-03-30

RT bontchev:

So, kids, what’s the moral of the XZ story?

If you’re going to backdoor something, make sure that your changes don’t impact its performance. Nobody cares about security - but if your backdoor makes the thing half a second slower, some nerd is going to dig it up.

19:56 [/mastodon]

RT SecureOwl:

people are saying the xz backdoor is likely the work of a nation state actor, and given that it appears to have been slow rolled for a couple of years and immediately became obsolete before it was fully launched - you do have to admit it bears the hallmarks of a government IT project

11:36 [/mastodon]

RT tpolecat:

Raise your hand if you ever made a paper snake out of tear-off tractor-feed margins.


11:02 [/bb-atom]

RT delroth:

xz-utils was backdoored by its upstream. Tracked as CVE-2024-3094 and thoroughly documented by vuln discoverer Andres Freund on oss-security@: openwall.com/lists/oss-securit

10:46 [/mastodon]
