I'm doing my best to make my coverage of the xz backdoor accessible to laypeople while also providing the technical details engineers need. I'm also updating as new info becomes available. I hope it's helpful.

https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/

What we know about the xz Utils backdoor that almost infected the world

Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.

Ars Technica
@fruchiante @dangoodin yes, I've read something about that.
I understand very little about how the system works and the controls that exist for updating and releasing open source software, but it seems to me that what happened shows that, despite any shortcomings, one way or another it works, because it was detected before it was released on a mass scale.