linuxmemes

20484 readers

1001 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

[email protected]

986

Debian security amirite? (lemmy.world)

submitted 4 months ago by [email protected] to c/[email protected]

75 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 15 points 4 months ago (1 children)

The reason I consider this sloppy is because he altered default behavior. Done properly, an injection like this probably could have been done with no change to default behavior, and we’d be even less likely to have gotten lucky.

Looking back we can see all the signs pointing to it, but it still took a lot of getting lucky to find it.

I’ve always considered the “source is open so people can check for vulnerabilities” saying a bit ironic, because I’d bet 99% of us never look, nor could find it if we were looking. The bystander effect is definitely here as we all just assume someone else has audited it.

[–] [email protected] 3 points 4 months ago

Done properly, an injection like this probably could have been done with no change to default behaviour,

Interesting.
So the sloppiness was in the implementation and not the social engineering.
But then of course, people tend to be not good at both, fooling people and fooling programmers/computers at the same time. In this case, the chap turned out to be better at fooling people than programmers/computers.

And I am being sloppy for not trying to learn enough about exploits even though I should have a good enough programming base to start it.