
This attack doesn’t exploit a technical issue or bug, it exploits the open source philosophy, and unless the community will come up with a systematic process to counter it, expect more sophisticated attacks similar to it in the future. This time we got lucky that some smart nerd (I am a nerd too, this is praise, not to be taken in a bad way) noticed and notified the community in less than 20 days of the second backdoor implementation; next time the attack may undergo more comprehensive “rehearsals” that will make it impossible to detect.


Could've happened just as easily if not more easily with proprietary software.


Can you explain what aspects of the open source philosophy were exploited, and what possible mitigations might be?



