On 4/6/24 09:15, Thomas Schmitt wrote:
Hi,
Nicholas Geovanis wrote:
But what if next time the back-doored software _does_ build without error?
The initial build problems did not cause suspicion.
It was the CPU load of sshd and an obscure complaint by valgrind which
caused the discovery.
Hi,
Nicholas Geovanis wrote:
> But what if next time the back-doored software _does_ build without error?
The initial build problems did not cause suspicion.
It was the CPU load of sshd and an obscure complaint by valgrind which
caused the discovery.
On Fri, Apr 5, 2024, 1:39 PM wrote:
> On Fri, Apr 05, 2024 at 12:27:03PM -0400, Cindy Sue Causey wrote:
> > Hi, All..
> >
> > This just hit my emails seconds ago. It's the most info that I've
> > personally read about the XZ backdoor exploit. I've been following
> > NextGov as a friendly, plain
Cindy Sue Causey wrote:
> Continues to sound like one single perp is destroying the TRUST
> factor that an untold number of future programmers must meet. That's
> heartbreaking.
It has never sounded like a single perp to me. 'Jia Tan' is an obvious
sock puppet as are the other names who pushed
I will note that open source software has, by definition, a lot more
eyes looking at the source. Which is probably why (as Tomas said)
"proprietary software tends to fare significantly worse."
--
JHHL
On Fri, Apr 05, 2024 at 08:38:36PM +0200, to...@tuxteam.de wrote:
[...]
> No, on the contrary. First of all, it is great that it has been
> caught /before/ it could cause much harm [...]
...and of course kudos and thans to Andres Freund who spotted
the thing!
Cheers
--
t
signature.asc
* On 2024 05 Apr 11:28 -0500, Cindy Sue Causey wrote:
> Hi, All..
>
> This just hit my emails seconds ago. It's the most info that I've
> personally read about the XZ backdoor exploit. I've been following
> NextGov as a friendly, plain language resource about government:
>
> Linux backdoor was a
On Fri, Apr 05, 2024 at 12:27:03PM -0400, Cindy Sue Causey wrote:
> Hi, All..
>
> This just hit my emails seconds ago. It's the most info that I've
> personally read about the XZ backdoor exploit. I've been following
> NextGov as a friendly, plain language resource about government:
>
> Linux
Hi, All..
This just hit my emails seconds ago. It's the most info that I've
personally read about the XZ backdoor exploit. I've been following
NextGov as a friendly, plain language resource about government:
Linux backdoor was a long con, possibly with nation-state support, experts say;
By David
9 matches
Mail list logo