pull down to refresh
533 sats \ 9 replies \ @nerd2ninja 1 Apr \ on: Inside the failed attempt to backdoor SSH globally — that got caught by chance security
https://cdn.discordapp.com/attachments/796935699034144798/1224080427921182821/media-cache.png?ex=661c30bc&is=6609bbbc&hm=fa6abd85ec020e6fec88852b82e23ebd65694627d082ecdf1a80ebcfed5ec7e5&
reply
Something not priced in to opensource security is AI reviewing code for potential vulnerabilities. It's not perfect of course, but it can call for more expert review by identifying suspicious practices in code or simply labeling a library as sus
Recently added our repos to socket to monitor our npm based supply chain for deps, and it's pretty awesome. Will be even more awesome when there are several others available
reply
If you applied such an AI bot to the XZ backdoor and it found it (without including it in your dataset of course) I'd be more enthusiastic. The degree of code obfuscation with this was pretty high to be fair.
reply
reply
Yea it was buried really good, but that will also result in automating new kinds of tests
reply
I look forward to it.
reply
reply
Looks like that page that link connects to has been .. removed
reply
deleted by author
reply