Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/112184563423734235">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 30-Mar-2024 21:10:34 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250105013211.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/112184532084137978" rel="in-reply-to">in reply to</a></div></section><article><p>How far the rabbit hole goes - back in 2021 they deliberately introduced an obvious vulnerability in the compression library libarchive. Nobody noticed. This is shipped in a ton of systems: <br><a href="https://github.com/libarchive/libarchive/pull/1609" rel="nofollow noreferrer">https://github.com/libarchive/libarchive/pull/1609</a></p><p>Whoever the threat actor is knows what they are doing as they’ve gone after chained dependencies around compression.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2881363#notice-5725549">In conversation</a><time datetime="2024-03-30T21:10:34+09:00" title="Saturday, 30-Mar-2024 21:10:34 JST">about 10 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/112184563423734235" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/112184563423734235">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2438899">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 30-Mar-2024 21:10:34 JST Kevin Beaumont
in reply to
How far the rabbit hole goes - back in 2021 they deliberately introduced an obvious vulnerability in the compression library libarchive. Nobody noticed. This is shipped in a ton of systems:
https://github.com/libarchive/libarchive/pull/1609
Whoever the threat actor is knows what they are doing as they’ve gone after chained dependencies around compression.
In conversationabout 10 months ago from cyberplace.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice