Comment

Comment on A sneaky demonstration of the dangers of curl bash

ShortN0te@lemmy.ml ⁨2⁩ ⁨months⁩ ago

After gaining initial access, the malicious cyber actor deployed malware that scanned the environment for sensitive credentials.

So as I said, the keys got compromised. Thats what i said in the second post.

Sort:hotnew top

xylogx@lemmy.world ⁨2⁩ ⁨months⁩ ago
What you said is the key infra needs to get compromise. I do not need to own the PKI that issued the certs, I just need the private key of the signer. And again, this is something that happens. A lot. A software publisher gets owned, then their account is used to distribute malware.

source
- ShortN0te@lemmy.ml ⁨2⁩ ⁨months⁩ ago
  
  To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.
  
  As i said, to compromise a signature checked update over the internet you need to compromise both, the distributing infrastructure AND the key. With just either one its not possible. (Ignoring flaws in the code ofc)
  
  source
  - xylogx@lemmy.world ⁨2⁩ ⁨months⁩ ago
    Take a look at Shai Hulud. All the attacker had was the key.
    
    source
    ShortN0te@lemmy.ml ⁨2⁩ ⁨months⁩ ago
    Yes, the secrets to submit to the distribution system got compromised and therefore the system got compromised.
    
    source