Rob Allen on Nostr: The interesting thing about the xz attack is that as humans we tend to trust after ...
The interesting thing about the xz attack is that as humans we tend to trust after time has passed.
A senior dev starts working for a company in 2021 is a trusted senior dev by 2024.
Someone starts regularly contributing to an OSS project in 2021 is a maintainer by 2024.
xz is as much a social engineering attack as it is a technical one.
#xz
Published at
2024-03-30 12:42:59Event JSON
{
"id": "478eb6904802035dabe5195735cdf7f02a44478618b2ff78c9433402f8454211",
"pubkey": "fbe09282758c50c2d9cc123bfb2bbae3231652165881d4c44e6750caac5486ad",
"created_at": 1711802579,
"kind": 1,
"tags": [
[
"t",
"xz"
],
[
"proxy",
"https://social.akrabat.com/users/rob/statuses/112184693855300263",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://social.akrabat.com/users/rob/statuses/112184693855300263",
"pink.momostr"
]
],
"content": "The interesting thing about the xz attack is that as humans we tend to trust after time has passed.\n\nA senior dev starts working for a company in 2021 is a trusted senior dev by 2024.\n\nSomeone starts regularly contributing to an OSS project in 2021 is a maintainer by 2024.\n\nxz is as much a social engineering attack as it is a technical one.\n\n#xz",
"sig": "79c8442d228ec3f71fc45f42311c96756075e296074dacdce228cb7fa8b309e399c26cd106a3f1ed6818efb13d9b091860f174d6a7532dd9adcea75736f63a88"
}
