Open Source

29133 readers

202 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 4 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding (optimizedbyotto.com)

submitted 3 months ago by lemmyreader@lemmy.ml to c/opensource@lemmy.ml

14 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] floofloof@lemmy.ca 9 points 3 months ago* (last edited 3 months ago) (1 children)

It was a huge fluke of luck that the XZ backdoor didn’t go in any actual Linux distribution releases.

It did get into a few, just not the ones corporations are likely to be using.

[–] DetectiveSanity@lemmy.world 9 points 3 months ago (1 children)

I doubt it would have been discovered this fast and easily if it was closed source.

[–] bort@sopuli.xyz 14 points 3 months ago (1 children)

it's safe to assume there are similar issues in closed source. A big part of the snowden leaks was about how NSA could access lots of data at will. It wouldn't surprise me if they also could execute code.

Also there is stuxnet. But I am not sure, if there were intentional backdoors, or only some "natural occuring" RCE.

[–] Kelly@lemmy.world 7 points 3 months ago

It wouldn't surprise me if they also could execute code.

They sat on external blue for 5 year before it was stolen and they disclosed the vulnerability to Microsoft.

https://en.wikipedia.org/wiki/EternalBlue

I don't see why we wouldn't assume there is always something similar in their armoury.