#xzbackdoor ... Wow. Four weeks to notice, only hours to fix and a day(?) to deploy. #opensource, #debian, #suse, #redhat, #linux : You Rock! We Rock! Don't tell that to #Microsoft #Apple #Cisco #Ivanti #Fortinet or the like, they will cry.

@mfeilner

It's worth remembering that it was a Microsoft employee who discovered the backdoor… 😁

@gnomelibre if they only had more like him. Sadly for W10 they fired the whole WA/Testing team, am I wrong?

@mfeilner

Another thought:

The attackers needed probably more than one man year to create, replace and hide the backdoor. It took one performance nerd at Microsoft (and PostgreSQL) and a few days to take down the threat. That is #AsymmetricalWarfare in #opensource #cybersecurity. So powerful.

Third thought:

We need to make sure that the crucial people in crucial projects are supported. This #xzbackdoor would not have been possible without the maintainer being overloaded. Only that way the hackers could be appointed deputy-in-chief maintainers...

@mfeilner you may add - over holiday
@cccfr Right, school holidays ... Easter
@cccfr I just heard that people from everywhere were checkin' in, no matter how long they'd been out. Even the old farts. I wonder if the statistics will show that... Sure there's gotta be a spike in activity! #opensource rockz.
@cccfr Maybe that is where the Easter Holidays were even helpful... in the end...
@cccfr only a week later it has become mainstream news!
@mfeilner still a freakshow of state actor backdooring nearly every server out there.