jsoref_using_a_screen_reader

@jsoref_using_a_screen_reader@mastodon.social


bagder, to random

There simply is no established or easy way to detect backdoors done the #xz way. We give powers and trust to maintainers because that is the development model.

Anyone suggesting there is an easy fix has not understood the issues at hand.

But we are Open Source which allows everyone to dig, check, read code and investigate.

jsoref_using_a_screen_reader,

@DoctorDNS @bagder I don't understand how this would help.

The attacker was the entire active ecosystem at the time. They chose to deliver the final payload as a source tarball instead of a git commit because they appear to have chosen to target distributions that were consuming the tarballs. But that was a decision of the attacking organization based on their targets' operational practices.

jsoref_using_a_screen_reader,

@stepheneb @DoctorDNS @bagder I'm aware. The message to which I replied didn't say "recompile from git sources"...

But even if it did. The other half of my post stands: the attackers will choose a model based on their target (here the distributors).

In this case, they assembled their attack using one git repository and one source code change in a "source archive". They could in a future attack distribute the components across multiple disparate components with seemingly unrelated maintainers.

jsoref_using_a_screen_reader, to android

@Tusky the ability to get to the add account widget isn't available for #Android #TalkBack users

jsoref_using_a_screen_reader,

@Tusky the widget reachable in #TalkBack after the available profiles is "Edit profile", it skips right over the disclosure row.

[Screenshot of 🦣 Tusky running on a Google Pixel 6a] [Menu on the left side of the screen covering content area:] Josh Soref (w/screen read…
