Avatar
Marcelinho 1y ago

GM #nostr ☕️🌞

the xz utils attack should be a wake-up call for all open source projects. an attack was planned here over a long period of time.

Reply to this note

Please Login to reply.

Discussion

Avatar
🟠 isolabellart 1y ago

GM ☕☀️🎨

Avatar
Layerjack (Onion Knight) 1y ago

Everyone called it a back door, while it was a supply chain attack.

Avatar
Marcelinho 1y ago

exactly, you get to the point

Avatar
ShiShi21m 1y ago

What happened 👀?

Avatar
Marcelinho 1y ago

in my opinion a supply chain attack on open ssh over xz.

https://nvd.nist.gov/vuln/detail/CVE-2024-3094

This time it was discovered (by accident), but how often has it worked or will it work?

Avatar
inventor 1y ago

What is the alternative? Telnet over wireguard?

Avatar
Marcelinho 1y ago

it's more about how to deal with dependencies in projects and how to support small contributors and their work

Avatar
inventor 1y ago

It would be nice having an alternative nonetheless. Just curious if anyone thought of this before.

Avatar
The Zap Master ™ 1y ago

Never underestimate a bad actors patience.

Avatar
franny 1y ago

GM ☀️☀️

Avatar
Marcelinho 1y ago

🫂

Avatar
Luna 1y ago

Good morning ☀️

Avatar
Marcelinho 1y ago

🌞