#jiatan — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #jiatan, aggregated by home.social.
-
The Internet was weeks away from disaster and nobody knew it
«How a single cyberattack infected the most important operating system in the world».
Via: @Veritasium en español
#Divulgacioncientífica #Tecnología #Ciencia #Veritasium #DerekMuller #Internet #GNU #Linux #XZUtils #RSA #JiaTan #LasseCollin #AndresFreund
-
Wasn't #Bellingcat doing an entire investigation thing around Jia Tan and the xz stuff?
What happened there?
-
I fixed a typo in the README; no one cared.
I executed an intricate plan of making significant contributions to the repository over the course of 5 years, became a maintainer, and then added a backdoor; everyone freaked out.
No one notices until you start making big moves.
-
What do we actually know about «Jia Tan»? I went looking for clues. And in doing so I found out that one could probably have earned several billion with the security vulnerability.
I'm happy to take you along on this journey and the conclusions that follow from it.
#JiaTan #xz #Backdoor #xzBackdoor #DNIP
https://dnip.ch/2024/05/14/spurensuche-jia-tan-xz/
-
Jia Tan changes all Open Source contributions forever.
On my projects: Oh, coming over with a PR for an "innocent" feature are we? Quite the Jia Tan move.
On other projects I am contributing to: just extending this to fix on old obscure version, adding a test... hope no one thinks I'm doing groundwork for a Jia Tan.
-
Also #jiatan in #xz: No need to create a PR, we usually cherry-pick and *edit your commits* preserving you as the author. 😏
https://github.com/tukaani-project/xz/issues/18#issuecomment-1994829182
-
Lasse Collin in commit message: “The other maintainer suddenly disappeared.” 😆
#jiatan #xz
https://github.com/tukaani-project/xz/commit/77a294d98a9d2d48f7e4ac273711518bf689f5c4
-
This week's Kodsnack is here: We get help from Peter Magnusson of Säkerhetspodcasten to sort out the twists and turns around the backdoor in the compression library XZ that was discovered over Easter.
The backdoor was hidden in binary files for test cases, built to go unnoticed, and everything that was needed had been smuggled in after a coordinated campaign in which those behind it were given maintainer permissions to XZ.
-
I haven't gotten any hate-filled emails for the thing I wrote yesterday which can only mean one thing:
Not
Enough
Hashtags!
https://scottarc.blog/2024/04/04/open-source-supply-chains-and-bears-oh-my/
#xz #backdoor #linux #theskyisfalling #nearmiss #jiatan #opensource #oss #foss #funding #cash #dolla #dolla #bill #yo
-
Do you remember when AT&T rolled back the ksh repository to a version 8 years old dismissing all the changes made in the last years by contributors?
Maybe we can do the same with the last two years of xz-utils?