Comment

Comment on St. Paul, MN, was hacked so badly that the National Guard has been deployed

<- View Parent

CallMeAnAI@lemmy.world ⁨3⁩ ⁨days⁩ ago

🤣 should we get a list of foss projects that have had security issues?

Stop this nonsense. You can hate Microsoft for legitimate reasons.

source

Sort:hotnew top

toothpaste_ostrich@feddit.nl ⁨3⁩ ⁨days⁩ ago
I mean… For real, I’ve never heard of Linux systems being hacked this way. I’m sure it’s possible, but it certainly seems rarer.

Slipping shit in upstream also certainly doesn’t happen "that* often. It takes effort to become recognised enough as a developer to be allowed access to the upstream code, meaning you can’t automate those kinds of attacks. (I imagine. Correct me if I’m wrong.)

source
- CallMeAnAI@lemmy.world ⁨3⁩ ⁨days⁩ ago
  Absolute opposite. The majority of successful attacks you see today are identity management and supply chain attacks. If you walk into any OCIO office supply chain will be a top 3 concern.
  
  source
  - msage@programming.dev ⁨3⁩ ⁨days⁩ ago
    I know of one successful supply chain attack in FOSS.
    
    So still points for using it.
    
    source
    SheeEttin@lemmy.zip ⁨3⁩ ⁨days⁩ ago
    AUR has had multiple Trojans just this week
    
    source
    -> View More Comments
  - toothpaste_ostrich@feddit.nl ⁨3⁩ ⁨days⁩ ago
    I… Don’t understand what you said here 🫤
    
    source
- sp3ctr4l@lemmy.dbzer0.com ⁨3⁩ ⁨days⁩ ago
  It does happen occasionally, from time to time, but, because everything is gasp open source, it tends to get caught, identified, blocked/quarantined and then fixed considerably more rapidly, with decent fallback instructions/procedures in that interim period.
  
  Also, you can basically describe the entire CrowdStrike fiasco as exactly this kind of upstream oopsie doopsie.
  
  Doesn’t really matter in the big picture if it was intentionally malicious or not, when you Y2K 1/4 of the world’s computer systems.
  
  source
disco@lemdro.id [bot] ⁨3⁩ ⁨days⁩ ago
Microsoft is getting hacked every other week.

source
- CallMeAnAI@lemmy.world ⁨3⁩ ⁨days⁩ ago
  As well as FoSS projects.
  
  source
trolololol@lemmy.world ⁨3⁩ ⁨days⁩ ago
Mate have a look at the SharePoint vulnerability. It’s embarrassingly bad. Like really really bad, and btw so bad that it’s very easy to understand and exploit. And prevent too, if a jr in my team did this I’d get them in trouble.

source
- sp3ctr4l@lemmy.dbzer0.com ⁨2⁩ ⁨days⁩ ago
  No no, you don’t get it.
  
  Random Windows ‘Powerusers’ obviously know more about programming and cybersecurity than people who actually do that for a living, duh!
  
  See, I wrote a bash file once, so I basically know everything about software dev, especially on linux as well, which is basically just the whole OS is powershell, right?
  
  /s/s/s
  
  source