#YachaBlog
No thank you, I would commit another critical CVE in the name of the USSR
Forwarded from OrangeFox Recovery NEWS
The basic services have been restored, and your security remains our top priority. We have thoroughly validated every single OrangeFox release, ensuring that none of them has been tampered with in any way.
Upon searching our servers, we found nothing suspicious, and we have taken all necessary steps to ensure the integrity of the servers. We do not store any personal data, or any device or IP identifiers, ensuring that there is nothing to leak.
We have enhanced our security infrastructure and will continue to adhere to the latest security guidelines.
- OrangeFox Team
For complete nerds who want to investigate this backdoor - https://gynvael.coldwind.pl/?lang=en&id=782
gynvael.coldwind.pl
xz/liblzma: Bash-stage Obfuscation Explained
Why doesn't Telegram Desktop have a print option? I want to print the chat pearls sometimes!
#YachaBlog
I wish they would add a way to switch desktops by holding the Super key and scrolling the wheel, just like in GNOME.
Forwarded from Programmer Humor
I jump into my openSUSE mailing list folder daily, and today there was a very hot discussion about the supply chain issue and XZ itself. I found this specific fragment very amusing, though:
It only shows that the Archlinux/Manjaro Maintainers are less than knowledgeable about their packages. In spite of not building rpm or debian packages they claim to have "fixed" the backdoor while going from 5.6.1-1 to 5.6.2-2 [1]. The disassembly of liblzma didn't even change between those package versions.
https://archlinux.org/news/the-xz-package-has-been-backdoored/
I think, as a conclusion, we're dealing not with a vulnerability but rather with the maintainers' guidelines.
I think in general this is a new reality: many open-source projects are talking about improving their own security principles, including OrangeFox.
Should we consider this particular supply chain issue a very lucky case for us, in that it never made its way into most distros, was quickly disclosed and patched, and raised the general attitude to security?