Michał "rysiek" Woźniak · 🇺🇦Mar 30, 2024

Hey it's totally cool that #Microsoft #GitHub blocked access to one of the repositories in the very center of the #xz backdoor saga.  

It's not like a bunch of people are scrambling to try and make sense of all this right now, or that specific commits got linked to directly from media and blogposts and the like.  

Cool, cool. 

#InfoSec #Backdoor

Show threadEsther Payne Mar 30, 2024

@rysiek So hang on, that means that code's in copilot.

But what does that even mean?

Show threadNeia masks
@onepict @rysiek To get the full exploit, it would have to extract the release tarballs, then extract a couple of random files in the test directory, then feed those into the LLM.

One of the key pieces of the exploit seems to be some intentionally botched checking for whether a certain type of sandboxing is available, so that might be affected.
Mar 30, 2024 at 5:41pmWeb