Replying to Avatar Vitor Pamplona

Summary of how XZ Utils received a backdoor. They just missed that the main maintainer was burned out before the attack started 1.5 years ago. This is the FOSS version of SIM SWAPs.
Avatar
Javier 1y ago

And all that effort for almost nothing.

Reply to this note

Please Login to reply.

Discussion

Avatar
Vitor Pamplona 1y ago

We don't know when attacks like these work.

We only know when we catch them.

Avatar
Javier 1y ago

How many have you catch so far? I mean, proven attacks, not bugs.

Avatar
Vitor Pamplona 1y ago

None, I am not a security dev. These things require full-time pros to find.

Avatar
MarcG 1y ago

this tool demo "SocketSecurity" is a big help to evaluate dependency threats!

https://twitter.com/nisten/status/1774424170664689720

Avatar
Diacone Frost 1y ago

solarwinds vibes