Kevin BeaumontMar 31, 2024

I don’t agree with all the doom saying about XZ incident.

You just know orgs are going to return after Easter and panic about it unnecessarily (they’re likely still on Redhat 6). It doesn’t impact them as it was caught super early.

Regarding the narrative that there’s nothing that can be done about these type of attacks - I also don’t agree. There’s already a change in the pipeline to systemd which would have prevented it.

The thing needs rational, calm reaction and response.

Show threadJohannesMar 31, 2024
@GossiTheDog RedHat 6 and Windows Server 2012R2 exposed on the internet without having ever seen a single update.
Show threadEarl Novy
@JmbFountain @GossiTheDog Because they are rock solid. The OS is running with such an old software that the malware can’t run on it! <end sarcasm>
Mar 31, 2024 at 3:07pmWeb