lemmyreader@lemmy.ml to Open Source@lemmy.mlEnglish · 3 months agoInside the failed attempt to backdoor SSH globally - that got caught by chance - Kevin Beaumontdoublepulsar.comexternal-linkmessage-square24fedilinkarrow-up1262arrow-down15
arrow-up1257arrow-down1external-linkInside the failed attempt to backdoor SSH globally - that got caught by chance - Kevin Beaumontdoublepulsar.comlemmyreader@lemmy.ml to Open Source@lemmy.mlEnglish · 3 months agomessage-square24fedilink
minus-squarehitmyspot@aussie.zonelinkfedilinkarrow-up28arrow-down1·3 months agoYes, but it didn’t. Has it made it through on closed software? Who knows?
minus-squareErilElidor@feddit.delinkfedilinkarrow-up19·3 months agoMy takeaway is more like: This one almost made it through and was caught by accident. How much more backdoors actually were not caught and made it through? I would bet some money on it being more than 0 :(
minus-squaretrolololol@lemmy.worldlinkfedilinkarrow-up2·3 months agoYep for sure. But open source at least let’s you examine every part of the ecosystem. No software is perfect even if all contributors have good intentions and do all due diligence. Throw some malice and there is a chance something will get through.
minus-squarehitmyspot@aussie.zonelinkfedilinkarrow-up1·3 months agoYes, probabky, but also might be possible to now find.
minus-squareCroquette@sh.itjust.workslinkfedilinkarrow-up2arrow-down1·3 months agoIm not sure why it being caught by accident is a factor here. If devs knew what the pitfalls were before coding, there wouldn’t be security risks in software. Hackers do the same thing. They pen test, and if by chance they find something, they exploit it.
Yes, but it didn’t. Has it made it through on closed software? Who knows?
My takeaway is more like: This one almost made it through and was caught by accident. How much more backdoors actually were not caught and made it through? I would bet some money on it being more than 0 :(
Yep for sure. But open source at least let’s you examine every part of the ecosystem.
No software is perfect even if all contributors have good intentions and do all due diligence.
Throw some malice and there is a chance something will get through.
Yes, probabky, but also might be possible to now find.
Im not sure why it being caught by accident is a factor here.
If devs knew what the pitfalls were before coding, there wouldn’t be security risks in software.
Hackers do the same thing. They pen test, and if by chance they find something, they exploit it.