backdoor in upstream xz/liblzma leading to ssh server compromise (openwall.com)
posted 252 days ago by SuicideTruthbomber
Strong passwords are still vital.
EDIT: This is not controversial.
For anyone else reading, don't use bad passwords. Giving people bad security advice is one of the oldest tricks in the book.
Nobody sane "dynamically builds their servers in-real time" from untested repos. Nobody.
Yes, the backdoor was bad, but was not widely distributed / installed (Yet).
It was not in the release trees, it was in test trees.
Only fucking morons update their production dockers out of test trees.
I guess I live in a different IT industry from yours....
Kids with no education may do it, 'cos they want to live on the bleeding edge and don't care for operational stability.
My generation who've been slapped around for a few decades absolutely do not. They are too scarred, afraid, lazy and somewhat wiser not to do so.
Guess therein lies the difference.