Summary of how XZ Utils received a backdoor. They just missed that the main maintainer was burned out before the attack started 1.5 years ago. This is the FOSS version of SIM SWAPs.

Discussion

Thx for sharing.

And all that effort for almost nothing.

We don't know when attacks like these work.

We only know when we catch them.

How many have you caught so far? I mean, proven attacks, not bugs.

None, I am not a security dev. These things require full-time pros to find.

this tool demo "SocketSecurity" is a big help to evaluate dependency threats!

https://twitter.com/nisten/status/1774424170664689720

solarwinds vibes

They played the long game.

Can only imagine that the Bitcoin Core repo has long been targeted. Hell, implementation forks like Knots with only a handful of developers are prime targets for a similar strategy.

crazy how it was found out by a curious guy wondering about his CPU's usage

We should operate on the assumption these attacks are being planned at all threat points.

Might AI be used to monitor for this?