this post was submitted on 31 Mar 2024
252 points (98.1% liked)

Open Source

31165 readers
98 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
252
Inside the failed attempt to backdoor SSH globally - that got caught by chance - Kevin Beaumont (doublepulsar.com)
submitted 7 months ago by lemmyreader@lemmy.ml to c/opensource@lemmy.ml
24 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] ErilElidor@feddit.de 19 points 7 months ago (3 children)

My takeaway is more like: This one almost made it through and was caught by accident. How much more backdoors actually were not caught and made it through? I would bet some money on it being more than 0 :(

[–] trolololol@lemmy.world 2 points 7 months ago

Yep for sure. But open source at least let's you examine every part of the ecosystem.

No software is perfect even if all contributors have good intentions and do all due diligence.

Throw some malice and there is a chance something will get through.

[–] hitmyspot@aussie.zone 1 points 7 months ago

Yes, probabky, but also might be possible to now find.

[–] Croquette@sh.itjust.works 1 points 7 months ago

Im not sure why it being caught by accident is a factor here.

If devs knew what the pitfalls were before coding, there wouldn't be security risks in software.

Hackers do the same thing. They pen test, and if by chance they find something, they exploit it.