Thinking a lot about the #xz backdoor this week. Almost exactly 10 years ago, I... - Random

film_girl, 2 months ago

Thinking a lot about the #xz backdoor this week. Almost exactly 10 years ago, I wrote this about the #Heartbleed attack and how we should do more to support #OSS, especially for important libraries. Sadly, almost all of what I wrote then is still relevant. https://web.archive.org/web/20140420132336/https://mashable.com/2014/04/14/heartbleed-open-source/

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ khalidabuhakmeh, shawnhooper

Image

Image alternative text

theotherlinh, 2 months ago

@film_girl I feel like I'm taking the wrong take from this but... heartbleed was a decade ago!?!? wth happened to time :(

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

film_girl, 2 months ago

@theotherlinh I know!!

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

chockenberry, 2 months ago

@film_girl Business is rarely proactive, instead it reacts.

There will be another back door that succeeds and inflicts a lot of financial damage that insurance policies don’t cover.

Things will change when poorly funded open software affects the bottom line.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

gruber, 2 months ago

@chockenberry @film_girl I’d say the question is whether anyone has already pulled off a similar attack.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

chockenberry, 2 months ago

@gruber @film_girl A smart attacker would still be pulling it off - imagine being able to take $0.01 of every $1 that passes through Apple.

Couch change for a huge company, and even if the back door was discovered, few would want the public attention.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Add comment