Possibly linuxtoLinux@lemmy.mlEnglish·7 months agoXZ backdoor in a nutshell(lemmy.zip)imagearrow-up11.23Karrow-down110message-square162 fedilink
arrow-up11.22Karrow-down1imageXZ backdoor in a nutshell(lemmy.zip)Possibly linuxtoLinux@lemmy.mlEnglish·7 months agomessage-square162 fedilink
minus-squarePossibly linuxOPEnglisharrow-up19arrow-down1·7 months agolinkfedilinkI think we need focus on zero trust when it comes to upstream software
minus-squarejackpotarrow-up2arrow-down0·7 months agolinkfedilinkexactly, stop depending on esoteric libraries
minus-squarePossibly linuxOPEnglisharrow-up1arrow-down0·7 months agolinkfedilinkIt is fine to use them just know how they work and check the commit log. That of course requires you to pull from got instead of a tarball
minus-squarebillgamesharrow-up1arrow-down0·7 months agolinkfedilinkthis was well hidden. not sure anyone would have spotted this by checking commit log
minus-squarePossibly linuxOPEnglisharrow-up1arrow-down0·7 months agolinkfedilinkIt was hidden in the Tarball
minus-squarebillgamesharrow-up1arrow-down0·7 months agoedit-27 months agolinkfedilinki’m not an expert, but my reading was that it was hidden in a binary used for testing EDIT: oh yeah, i see what you mean
I think we need focus on zero trust when it comes to upstream software
exactly, stop depending on esoteric libraries
It is fine to use them just know how they work and check the commit log.
That of course requires you to pull from got instead of a tarball
this was well hidden. not sure anyone would have spotted this by checking commit log
It was hidden in the Tarball
i’m not an expert, but my reading was that it was hidden in a binary used for testing EDIT: oh yeah, i see what you mean