XZ backdoor in a nutshell
  • A whitelisting application has a list of what it knows is bad AND what it knows in advance to be good.

    How would it know this? Is this defined by a person/people? If so, that wouldn't have mattered. liblzma was known in advance to be good, then the malicious update was added, and people still presumed that it was good.

    This wasn't a case of some random package/program wreaking havoc. It was trusted malicious code.

    Also, you're asking for an antivirus that uploads and uses a sandbox to analyze ALL packages. Good luck with that. (AVs would probably have a hard time detecting malicious build actions, anyways).

  • Portable4775 @lemmy.zip