10 years after I pointed out the risk of a Ripple backdoor due to Ripple not PGP signing their software or providing any other way to get it securely... there's a Ripple backdoor due to an npm compromise. 😂

https://github.com/petertodd/ripple-consensus-analysis-paper/blob/master/paper.pdf


Discussion

In fairness, at the moment my python-bitcoinlib library isn't PGP signed for most users because PyPI made the idiotic decision to phase out PGP signatures. But my hands are tied on that; the entire software industry is incompetent.

What are the chances these are actually intentional bugs created and inserted into boring and ubiquitous software libraries by NSA agents? We know this is a thing they actually (and proudly) do.

It will be interesting to understand who the attacker is. NK doing fine work again? They did quite well with Bybit.

Lucky it's worthless

Stay humble and stack zaps ⚡️

But it’s the rail on which all global money shall ride!?