What is Nostr?
Joe Cooper /
npub1u36…xlpg
2024-03-29 21:10:09

Joe Cooper on Nostr: Does everyone understand how much luck was involved in this exploit in #xz being ...

Does everyone understand how much luck was involved in this exploit in #xz being discovered so quickly? And, what it tells us about the attacker?

This was a subtle and sophisticated attack implemented over _years_. The attacker was made a co-maintainer two years ago, and they made numerous innocuous-looking and seemingly unrelated changes over that time, sometimes through a second account, that eventually added up to a backdoor. Along with many innocent commits, too. #Linux
Author Public Key
npub1u36rqkvjju6f6dtzahkp005qrl9y4qamu8j3rpme4df4d6ry6l8qu0xlpg