Jan Schaumann on Nostr: Regarding the #xz backdoor, I've seen statements like "if you're not running a ...
Regarding the #xz backdoor, I've seen statements like "if you're not running a publicly exposed sshd, you're safe". This is not the case and reflects a pretty outdated security mindset. You're still vulnerable, because you shouldn't assume internal connections are inherently trustworthy.
Yes, it limits exposure, but that's not the same - you still have a high-severit incident on your hands. Anyway, just here stating the obvious, as usual. ✌️
Published at
2024-03-30 20:58:24Event JSON
{
"id": "0976eac999c2d1b73a3a840e0ce8791b94c07c4259a8596b75be5a6757269c04",
"pubkey": "16b3a799044e240aa9b9c89a7d168b0d27979db63021eee1157cd7bc0c6a8f47",
"created_at": 1711832304,
"kind": 1,
"tags": [
[
"t",
"xz"
],
[
"proxy",
"https://mstdn.social/users/jschauma/statuses/112186641890258045",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mstdn.social/users/jschauma/statuses/112186641890258045",
"pink.momostr"
]
],
"content": "Regarding the #xz backdoor, I've seen statements like \"if you're not running a publicly exposed sshd, you're safe\". This is not the case and reflects a pretty outdated security mindset. You're still vulnerable, because you shouldn't assume internal connections are inherently trustworthy.\n\nYes, it limits exposure, but that's not the same - you still have a high-severit incident on your hands. Anyway, just here stating the obvious, as usual. ✌️",
"sig": "5c3f71e0400345bcdeeb4ab36a90b8ac921f0e6e1db675d514aca0b0189f668ef93df1e9343b2c2cdd7336f438be47389822a8987a051820ff17897078962f61"
}
