Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/112202967577254451">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 03-Apr-2024 03:11:51 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250105013211.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/112202829879199522" rel="in-reply-to">in reply to</a></div></section><article><p>Re <a href="https://cyberplace.social/tags/XZ" rel="tag">#XZ</a> attacker - the known threat actor account made various changes across multiple open source projects and documentation. </p><p>Library maintainers should not look at those changes in isolation of just that line change, or assume the threat actor only became malicious later.  Assume they have very well resourced and acting with broad objectives. </p><p>In at least one case they made an existing unknown vulnerability exploitable, and we know they were socially engineering the XZ maintainer years ago.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2881363#notice-5748874">In conversation</a><time datetime="2024-04-03T03:11:51+09:00" title="Wednesday, 03-Apr-2024 03:11:51 JST">about 10 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/112202967577254451" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/112202967577254451">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 03-Apr-2024 03:11:51 JST Kevin Beaumont
in reply to
Re #XZ attacker - the known threat actor account made various changes across multiple open source projects and documentation.
Library maintainers should not look at those changes in isolation of just that line change, or assume the threat actor only became malicious later. Assume they have very well resourced and acting with broad objectives.
In at least one case they made an existing unknown vulnerability exploitable, and we know they were socially engineering the XZ maintainer years ago.
In conversationabout 10 months ago from cyberplace.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice