Kevin Beaumont on Nostr: How far the rabbit hole goes - back in 2021 they deliberately introduced an obvious ...
How far the rabbit hole goes - back in 2021 they deliberately introduced an obvious vulnerability in the compression library libarchive. Nobody noticed. This is shipped in a ton of systems:
https://github.com/libarchive/libarchive/pull/1609

Whoever the threat actor is knows what they are doing as they’ve gone after chained dependencies around compression.
Published at 2024-03-30 12:09:49

Event JSON