A recent cybersecurity incident, the xz/liblzma backdoor, has raised concerns: the attackers exploited maintainer burnout to inject a backdoor after two years of involvement in the project. They used sock puppet accounts to pressure the previous maintainer into relinquishing control, prompting questions about which other projects may have been compromised the same way and about the resources such an attack requires.
With the #xz #backdoor, any thinking person should be asking themselves: if they could get away with this and just narrowly got caught, what else has been compromised to this level but has gone unnoticed?
Some interesting thoughts on the xz compression backdoor in liblzma (and the insertion of what appears to be the attacker's own RSA key in OpenSSH Server on systems that use xz 5.6.x) here: https://t.co/YYRHzOXZcC
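The post above pins the exposure to one combination: an xz 5.6.x release on a host whose OpenSSH server ends up loading liblzma. The script below is an added defender-side check for that combination; it is not code from any of the posts or from the xz or OpenSSH projects. It assumes that `xz --version` prints a first line ending in the version number (for example "xz (XZ Utils) 5.6.1"), that sshd is a dynamically linked binary, and that `ldd` lists its shared libraries one per line. The sample version line and sample `ldd` output embedded in it are constructed, not captured from a real host, and because the post only says "5.6.x", every 5.6.x release is flagged rather than a specific patch level.

```shell
#!/bin/sh
# Added example: "am I running the affected combination?" check.
# Not code from the posts above or from the xz/OpenSSH projects.
# Assumptions: `xz --version` first line ends in the version string,
# sshd is dynamically linked, and `ldd` prints one library per line.

# xz_version_from_line "xz (XZ Utils) 5.6.1" -> "5.6.1"
# (takes the last whitespace-separated field of the line)
xz_version_from_line() {
    printf '%s\n' "${1##* }"
}

# is_xz_56 VERSION_LINE -> exit 0 when the line reports an xz 5.6.x release
is_xz_56() {
    case "$(xz_version_from_line "$1")" in
        5.6|5.6.*) return 0 ;;
        *)         return 1 ;;
    esac
}

# sshd_links_liblzma LDD_OUTPUT -> exit 0 when sshd maps liblzma at runtime
# (the dependency is usually indirect, pulled in through another library)
sshd_links_liblzma() {
    case "$1" in
        *liblzma*) return 0 ;;
        *)         return 1 ;;
    esac
}

# assess VERSION_LINE LDD_OUTPUT -> prints one word:
#   exposed      xz 5.6.x installed AND sshd loads liblzma
#   xz-5.6-only  xz 5.6.x installed but sshd does not load liblzma
#   clear        installed xz is not a 5.6.x release
assess() {
    if is_xz_56 "$1"; then
        if sshd_links_liblzma "$2"; then
            echo exposed
        else
            echo xz-5.6-only
        fi
    else
        echo clear
    fi
}

# --- constructed sample inputs (not captured from a real host) ---
SAMPLE_VER='xz (XZ Utils) 5.6.1'
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd2c5e9000)
    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f3c1a000000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f3c19fd0000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3c19de0000)'
echo "sample host: $(assess "$SAMPLE_VER" "$SAMPLE_LDD")"

# --- best-effort live check of the machine running this script ---
LIVE_VER=$(xz --version 2>/dev/null | head -n 1)
SSHD_BIN=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
LIVE_LDD=$(ldd "$SSHD_BIN" 2>/dev/null || true)
if [ -n "$LIVE_VER" ]; then
    echo "this host (xz '$LIVE_VER'): $(assess "$LIVE_VER" "$LIVE_LDD")"
else
    echo "this host: xz not found on PATH"
fi
```

The three-way result matters in practice: an `xz-5.6-only` host still has the tainted library installed and should be downgraded, but only an `exposed` host has the library mapped into the process the post is worried about. A version check alone says nothing about whether sshd ever loads liblzma, which is why the script inspects the binary's runtime dependencies as well.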
In this case, it was an attack predicated on maintainer burnout. But for those who think the biggest issue in open source is vendor license changes, I'd recommend you look to more foundational issues. https://t.co/ilhaAq1Mye