• Treczoks@lemmy.world · 2 months ago · 87 up, 5 down

    Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming “please hack me”.

    • CallMeAnAI@lemmy.world · 2 months ago · 11 up, 49 down

      🤣 should we get a list of FOSS projects that have had security issues? Or how about how someone slips some shit in upstream every few weeks it seems?

      Stop this nonsense. You can hate Microsoft for legitimate reasons.

      • toothpaste_ostrich@feddit.nl · 2 months ago · 20 up, 3 down

        I mean… For real, I’ve never heard of Linux systems being hacked this way. I’m sure it’s possible, but it certainly seems rarer.

        Slipping shit in upstream also certainly doesn’t happen *that* often. It takes effort to become recognised enough as a developer to be allowed access to the upstream code, meaning you can’t automate those kinds of attacks. (I imagine. Correct me if I’m wrong.)

        • CallMeAnAI@lemmy.world · 2 months ago · 10 up, 6 down

          Absolute opposite. The majority of successful attacks you see today are identity management and supply chain attacks. If you walk into any OCIO office, supply chain will be a top 3 concern.

                • sugar_in_your_tea@sh.itjust.works · 2 months ago · 2 up

                  Precisely. The AUR is just a somewhat organized script dump. There’s no release process, and any user can upload any script they want. If you’re not capable of auditing scripts yourself, don’t use the AUR, there’s no expectation of quality or safety at all.

      • trolololol@lemmy.world · 2 months ago · 3 up

        Mate, have a look at the SharePoint vulnerability. It’s embarrassingly bad. Like really really bad, and btw so bad that it’s very easy to understand and exploit. And prevent too. If a jr in my team did this I’d get them in trouble.