HackerLangs
TopNewTrendsCommentsPastAskShowJobs

frenchman99

no profile record

comments

frenchman99
·2 jaar geleden·discuss
You say yourself that the time data could be tampered. It's trivial to change commit dates in git. So this analysis means nothing by itself, unfortunately.
frenchman99
·2 jaar geleden·discuss
Not at all. For instance, I don't know what the next steps are, but I run SSH servers behind Wireguard, exactly to prevent them being accessible in the case of such events. Wireguard is simple to setup, even if I lack the expertise to understand exactly how to go forward.
frenchman99
·2 jaar geleden·discuss
I was thinking about reinstalling, because I'm on Manjaro Linux, which has the version in question.

But it's unclear if earlier versions are also vulnerable.

And if it did nasty things to your machine, how do you make sure that the backups you have do not include ways for the backdoor to reinstate itself?
frenchman99
·2 jaar geleden·discuss
Totally agree. With things like Dependabot encouraged by GitHub, people now get automated pull requests for dependency updates, increasing the speed of propagation of such vulnerabilities.
frenchman99
·2 jaar geleden·discuss
Going forward this will require more than a citizens investigation. Law enforcement will surely be granted access. Also, tarballs are still available in package managers if you really want to dig into the code.