Ben HawkesAug 23, 2024
"OpenSSH Backdoors" -- a few thoughts on supply-chain attacks against OpenSSH, and what we can learn from both historical and modern events. https://blog.isosceles.com/openssh-backdoors/
OpenSSH Backdoors

Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss

Isosceles Blog
Show threadKees Cook (old account)
@hawkes "build systems are a perfect mix of inscrutability and expressiveness" 💯
Aug 23, 2024 at 7:10pmWeb