Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mstdn.io/users/wolf480pl/statuses/112186995514898602">Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 31-Mar-2024 08:24:11 JST</a><a href="https://mstdn.io/@wolf480pl" title="wolf480pl@mstdn.io"><img src="https://gnusocial.jp/avatar/6007-48-20230307202553.webp" width="48" height="48" alt="Wolf480pl" style="position: absolute; left: 0; top: 0;">Wolf480pl</a><div><a href="https://mastodon.social/@itsmeholland/112186798960771360" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://mastodon.social/@itsmeholland">@itsmeholland</a> <a href="https://social.treehouse.systems/@astraleureka">@astraleureka</a> <br>It's not that it took long to discover, it's that it took an incredibly lucky coincidence, and a mistake on the attacker's part.</p><p>There could be 50 more backdoors like this that we don't know about and there's no reason for them to be caught.</p><p>Part of the problem is that some parts of open-source software (eg. build scripts) are often hard to audit despite being open-source (this is fixable).</p><p>Another part is insufficient amount of people wants to audit software.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2882942#notice-5728655">In conversation</a><time datetime="2024-03-31T08:24:11+09:00" title="Sunday, 31-Mar-2024 08:24:11 JST">about 8 months ago</time> <span>from <span><a href="https://mstdn.io/@wolf480pl/112186995514898602" rel="external" title="Sent from mstdn.io via ActivityPub">mstdn.io</a></span></span><a href="https://mstdn.io/@wolf480pl/112186995514898602">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 31-Mar-2024 08:24:11 JSTWolf480pl
in reply to
- aggressively biphasic sleeper
@itsmeholland @astraleureka
It's not that it took long to discover, it's that it took an incredibly lucky coincidence, and a mistake on the attacker's part.
There could be 50 more backdoors like this that we don't know about and there's no reason for them to be caught.
Part of the problem is that some parts of open-source software (eg. build scripts) are often hard to audit despite being open-source (this is fixable).
Another part is insufficient amount of people wants to audit software.
In conversationabout 8 months ago from mstdn.iopermalink

Public

Embed Notice

HTML Code

Corresponding Notice