What we know about the xz Utils backdoor that almost infected the world - eviltoast
  • Fubarberry@sopuli.xyz
    7 months ago

    Yeah, that’s the scariest part. This was caught, but are there other projects out there that have been attacked with similar methods that no one knows about?

    • trolololol@lemmy.world
      7 months ago

      There are also the ones known by very few people. There are companies and unofficial groups of people who collect and sell this information, usually to state governments, off the record.

      I don’t think it’s the case for Linux, but I occasionally follow the state of things for bounties offered by Google and Apple to white hat hackers. Though this case is clearly malicious, I understand most vulnerabilities can easily pass as a bug/mistake.