Which Linux Distro *shouldn't* I pick, and why?| rldane.space
Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.| WIRED
More than a month has passed and we still don't know much about the background of the xz backdoor or the people behind it. This, even though the vulnerability in the best| Das Netz ist politisch
A summary of aDolus' response to the vulnerability in the #XZ Utils library and how we reassured our customers that they were at no risk from this threat.| blog.adolus.com
In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects.| securelist.com
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global Internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an u...| Schneier on Security
The recent cybersecurity catastrophe that wasn’t reveals an untenable situation, one being exploited by malicious actors.| Default
Soylent green is people!| crankysec.com
An impromptu special edition about CVE-2024-3094| www.detectionengineering.net
Fang-Pen Lin's blog about programming| Fang-Pen's coding note
When I stumbled across a post that an encryption library offers a potential backdoor to SSH connectivity on Good Friday, my first thought was: why is it always on a Friday that these things drop? And then my second one: oh bugger, here goes my weekend. Now, I won’t go into the technical details, there are many, many, many, many better resources out there, but I can’t help thinking that this would/should force the software industry to think.| beny23.github.io
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.| WIRED
«The holidays. All the IT departments are celebrating with their families… All the IT departments? No! One populated by indomitable open-source enthusiasts| Das Netz ist politisch
it's not quite xz but at least my grandma knows what samsung is| maia :3
Deciphering Glyph, the blog of Glyph Lefkowitz.| blog.glyph.im