OpenSSH and XZ/liblzma: A nation-state attack was thwarted, what did we learn? (docker.com) 25 points by justincormack 2y ago ↗ HN
[–] Havoc 2y ago ↗ > what did we learnMinimise attack surfaces at all costs. For every thwarted attack there are likely other successful ones
[–] david_allison 2y ago ↗ Security advice from Docker? Hypocrisyhttps://github.com/moby/moby/issues/45610 [–] BuildTheRobots 2y ago ↗ Well it is April Fools; it's nice to see some companies still have a sense of humour.
[–] BuildTheRobots 2y ago ↗ Well it is April Fools; it's nice to see some companies still have a sense of humour.
[–] smashed 2y ago ↗ Good tidbit in there that systemd was about to ship an optimization that rendered their payload non-functional:https://github.com/systemd/systemd/pull/31550This might be why they started rushing their backdoored release, even though it was not perfect yet.
8 comments
[ 4.3 ms ] story [ 29.1 ms ] threadSource?
Minimise attack surfaces at all costs. For every thwarted attack there are likely other successful ones
https://github.com/moby/moby/issues/45610
https://github.com/systemd/systemd/pull/31550
This might be why they started rushing their backdoored release, even though it was not perfect yet.