I don’t agree with all the doom saying about XZ incident.
You just know orgs are going to return after Easter and panic about it unnecessarily (they’re likely still on Redhat 6). It doesn’t impact them as it was caught super early.
Regarding the narrative that there’s nothing that can be done about these type of attacks - I also don’t agree. There’s already a change in the pipeline to systemd which would have prevented it.
The thing needs rational, calm reaction and response.
Kevin Beaumont /
npub176…fkwlw
2024-03-31 10:14:15
Author Public Key
npub176rs4lx7gjqwepgg75psfpv7zjj3xz0lyj4n7rux93ftm390sars6fkwlwSeen on
wss://relay.noswhere.comPublished at
2024-03-31 10:14:15Event JSON
{
"id": "7a6eda1158bf972df9e95cc69059f349345dd0dce64091ede84db31f02902dca",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1711880055,
"kind": 1,
"tags": [
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/112189771303153807",
"activitypub"
]
],
"content": "I don’t agree with all the doom saying about XZ incident. \n\nYou just know orgs are going to return after Easter and panic about it unnecessarily (they’re likely still on Redhat 6). It doesn’t impact them as it was caught super early. \n\nRegarding the narrative that there’s nothing that can be done about these type of attacks - I also don’t agree. There’s already a change in the pipeline to systemd which would have prevented it. \n\nThe thing needs rational, calm reaction and response.",
"sig": "aea8bf861209a314a59986372d2200686795513ae78b606cf33145b9854d753123cfd8efa6c408b8e204c56565959b8bcc5c663cb6bbda844e24d425eb5a2d4d"
}