lemmyreader@lemmy.ml to

Open Source@lemmy.mlEnglish · 3 months ago

Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding

optimizedbyotto.com

96

Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding

optimizedbyotto.com

lemmyreader@lemmy.ml to

Open Source@lemmy.mlEnglish · 3 months ago

The XZ Utils backdoor, discovered last week, and the Heartbleed security vulnerability ten years ago, share the same ultimate root cause. Both of them, and in fact all critical infrastructure open source projects, should be fixed with the same solution: ensure baseline funding for proper open source maintenance.\n

Chat

Kelly@lemmy.world
link
fedilink
English
arrow-up
7·
3 months ago

It wouldn’t surprise me if they also could execute code.

They sat on external blue for 5 year before it was stolen and they disclosed the vulnerability to Microsoft.

https://en.wikipedia.org/wiki/EternalBlue

I don’t see why we wouldn’t assume there is always something similar in their armoury.

Open Source@lemmy.ml

opensource@lemmy.ml

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !opensource@lemmy.ml

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

157 users / day
1.05K users / week
3.51K users / month
14.7K users / 6 months
335 local subscribers
28.9K subscribers
2.7K Posts
27.6K Comments
Modlog