Open [email protected]English • 6 months ago

Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding

optimizedbyotto.com

cross-posted to:
technology

96

Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding

optimizedbyotto.com

Open [email protected]English • 6 months ago

cross-posted to:
technology

The XZ Utils backdoor, discovered last week, and the Heartbleed security vulnerability ten years ago, share the same ultimate root cause. Both of them, and in fact all critical infrastructure open source projects, should be fixed with the same solution: ensure baseline funding for proper open source maintenance.\n

Chat

@Kelly
link
English
7•6 months ago

It wouldn’t surprise me if they also could execute code.

They sat on external blue for 5 year before it was stolen and they disclosed the vulnerability to Microsoft.

https://en.wikipedia.org/wiki/EternalBlue

I don’t see why we wouldn’t assume there is always something similar in their armoury.

Open [email protected]

[email protected]

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

71 users / day
1.15K users / week
4.81K users / month
13.2K users / 6 months
30.5K subscribers
1.55K Posts
25.9K Comments
Modlog