Email or username:

Password:

Forgot your password?
Kevin's posts Post Back to profile
Top-level
Kevin Beaumont

@emberquill @leeloo @sjuvonen @wdormann yep, good take I think based on what we know so far, disclaimer that I am an idiot

In mid 2023 the presumed attacker got OSS Fuzzer to decrease detection on XZ, in 2022 it looks like significant pressure from multiple accounts was used against the then maintainer and creator to hand over the project.

To me it looks like a lot of work went into this over an extended period, and it all got rumbled due to one person being bored and looking into performance.

30 March at 0:14 | Open on cyberplace.social
3 comments
Raven667

@GossiTheDog @emberquill I am just learning about this same as every one else, but these kinds of attacks seem to be high effort, high risk since its public with a good audit trail and all it takes is one curious soul to say "hmm that's weird" to blow the whole thing up. I don't know if there are other better hidden ops out there, but the ones that are confirmed seem to get detected within days and weeks, rarely months and years, or at least that's the layman's impression I have. Is it worth it?

30 March at 0:32 | Open on hachyderm.io
EmberQuill :v_gf:

@raven667 @GossiTheDog Debian-unstable was vulnerable for a whole month, and the only reason why this exploit was noticed at all was because one person thought their ssh authentication was too slow and started investigating.

It could have easily remained unnoticed for another month or two.

30 March at 0:47 | Open on tech.lgbt
Mathaetaes

@GossiTheDog @emberquill @leeloo @sjuvonen @wdormann once again, some weird nerd’s obsession saves the day.

Weird nerds are the heroes we need, but definitely don’t deserve.

30 March at 1:26 | Open on infosec.exchange
Go Up