backdoor in upstream xz/liblzma leading to ssh server compromise - Conspiracies

backdoor in upstream xz/liblzma leading to ssh server compromise (openwall.com)

posted 268 days ago by SuicideTruthbomber 268 days ago by SuicideTruthbomber +12 / -1

11 comments

11 comments share save hide report block hide replies

You're viewing a single comment thread. View all comments, or full comment thread.

Comments (11)

sorted by:

▲ 1 ▼

– deleted 1 point 268 days ago +1 / -0

▲ 1 ▼

– SuicideTruthbomber [S] 1 point 268 days ago +1 / -0

Strong passwords are still vital.

EDIT: This is not controversial.

permalink parent save report block reply

▲ 1 ▼

– deleted 1 point 268 days ago +1 / -0

▲ 2 ▼

– SuicideTruthbomber [S] 2 points 268 days ago +2 / -0

For anyone else reading, don't use bad passwords. Giving people bad security advice is one of the oldest tricks in the book.

permalink parent save report block reply

▲ 1 ▼

– deleted 1 point 268 days ago +1 / -0

▲ 1 ▼

– factdigger 1 point 268 days ago +1 / -0

Nobody sane "dynamically builds their servers in-real time" from untested repos. Nobody.

Yes, the backdoor was bad, but was not widely distributed / installed (Yet).

permalink parent save report block reply

▲ 1 ▼

– deleted 1 point 268 days ago +1 / -0

▲ 1 ▼

– factdigger 1 point 268 days ago +1 / -0

It was not in the release trees, it was in test trees.

Only fucking morons update their production dockers out of test trees.

permalink parent save report block reply

▲ 1 ▼

– deleted 1 point 268 days ago +1 / -0

... continue reading thread?