#openjs

Jan Schaumann<p>Excellent summary by Solar Designer on oss-security of what's happened in the last two weeks in response to the <a href="https://mstdn.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>xz</span></a> <a href="https://mstdn.social/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a>:</p><p><a href="https://www.openwall.com/lists/oss-security/2024/04/16/5" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">openwall.com/lists/oss-securit</span><span class="invisible">y/2024/04/16/5</span></a></p><p>Noteworthy:<br>- <a href="https://mstdn.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> implemented systemd notification<br>- <a href="https://mstdn.social/tags/systemd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>systemd</span></a> moves to dlopen(3) for some dependencies<br>- another detailed timeline at <a href="https://research.swtch.com/xz-timeline" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">research.swtch.com/xz-timeline</span><span class="invisible"></span></a><br>- similar social engineering takeover attempts suspected in <a href="https://mstdn.social/tags/OpenJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenJS</span></a> and <a href="https://mstdn.social/tags/OpenSSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSF</span></a></p>
Sam Stepanyan :verified: 🐘<p><a href="https://infosec.exchange/tags/OpenJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenJS</span></a> Foundation Targeted in Potential JavaScript Project Takeover Attempt in a manner similar to the recent XZ incident:<br><a href="https://infosec.exchange/tags/SoftwareSupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareSupplyChainSecurity</span></a></p><p><a href="https://thehackernews.com/2024/04/openjs-foundation-targeted-in-potential.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2024/04/open</span><span class="invisible">js-foundation-targeted-in-potential.html</span></a></p>