home.social

#openwall — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #openwall, aggregated by home.social.

  1. Kaspersky analysis of the backdoor in XZ | Securelist
    securelist.com/xz-backdoor-sto

    "(...) On March 29, 2024, a single message on the OSS-security mailing list marked an important discovery for the information security, open source and communities: the discovery of a malicious in . (...)

    Unlike other supply chain attacks (...) in Node.js, PyPI (...), this incident was a multi-stage operation that almost succeeded in compromising servers on a global scale. (...)"

  2. #Squid games: In February 2021, #security researcher Joshua Rogers performed a security audit of Squid #proxy and said he uncovered 55 flaws in the project's C++ source code.
    Fast forward to today, and Rogers asserts only 20 of those flaws have been fixed.
    "After two and a half years of waiting, I have decided to release the issues publicly," Rogers wrote in a post to the #Openwall security mailing list.
    We'd like to say don't panic … but maybe?
    theregister.com/2023/10/13/squ