Not really. The most important admin interfaces are the ones you can't lock behind an IP whitelist.
"whitelists good IPs" - OK, but what if I need to manage the "good IP" infra, etc.
Bystander effect, yes.
Have those audits you allude to ever caught anything before it went live? Cuz this backdoor has been around for a month and Red Hat is affected, too. Plus this was the single owner of a package who is implicitly trusted; it's not like it was a random contributor whose PRs would get reviewed.
The code being open source helps people track it down once they try to debug an issue (performance issues and crashes because in their setup the memory layout was not what the backdoor was expecting), that's true. But what actually triggered the investigation was the bug. After that it's just a matter of time to trace it back to the backdoor. You underestimate reverse engineers. Or maybe I'm just spoiled.
How long until US bans code from developers with ties to CN/RU?
Companies don't serve staff. Staff is a necessary evil to them.
Exactly. Reddit mods and Wikipedia admins both get to be kings of their little fiefdoms. The power/pride/whatever is payment enough, otherwise they wouldn't be doing it. They are intrinsically motivated.
Being a mod for something you are passionate about is intoxicating. It is an awesome feeling to know you've contributed to the growth of something you care about.
Ehhhhh
Stock price is absolutely tied to the perceived performance and anticipated future performance of the company.
The problem is that most departments of a company are profit centers and therefore there is a huge incentive to squeeze the most return (product features, sales, etc) from that investment (your salary). They will abuse you just hard enough so you don't quit. Or they will abuse you endlessly because the churn is factored into it.
The company doing well is only loosely tied to morale. Yes, happier employees probably perform better, but it's not the best return on the investment.
OK so use the PIN
Phishable. Use FIDO2 (WebAuthn) with user verification (PIN, fingerprint)
TOTP is not secure
Your data is about remediation speed not thoroughness of discovery.