We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
-
@briankrebs Return to abacus.
@sraars "someone stole the beads!"
@briankrebs -
@briankrebs this vibe is perfectly captured in Benn Jordan's video about finding malware in UniTree robot dogs https://www.youtube.com/watch?v=lA8WuXDXfcI
@docpop @briankrebs Benn Jordan is a national treasure.
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
@briankrebs i feel like a lesson from xz was that it's actually good if there exist professional nerds whose needs are met and who aren't overworked or micromanaged so they have the space to needle and poke things. i'm sure someone with a linkedin acct is going "ai could fix this" but we're this deep into ai and this fix is apparently arriving on the same schedule as that exponential rise in software quality
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
For a while now I've been waiting a couple of days to let everyone else try the updates first, unless it's to patch something specific. What happens if everyone starts waiting for everyone else?
-
@briankrebs i feel like a lesson from xz was that it's actually good if there exist professional nerds whose needs are met and who aren't overworked or micromanaged so they have the space to needle and poke things. i'm sure someone with a linkedin acct is going "ai could fix this" but we're this deep into ai and this fix is apparently arriving on the same schedule as that exponential rise in software quality
@kirakira all valid. I feel like we have learned 1000 lessons since xz on how not to do software security, most especially with countless devs having their NPM and/or GitHub repos completely pwned or silently backdoored. This is happening on a somewhat industrial scale from a variety of threat actors in real time, and some of them are finding great success in subverting the pipelines of companies that sell security software!
-
R relay@relay.infosec.exchange shared this topic
-
@briankrebs doesn't this mean that a motivated bad actor could compromise Microsoft/Apple/Google/Amazon and break the world? Stongarm the nerds, then push out some diabolical patch.
@notasnek @briankrebs *cough* 20240718 *cough* as a PoC for that?
-
R relay@relay.publicsquare.global shared this topic
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
@briankrebs Thus has been my icky time for some years now..
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
@briankrebs As it was foretold...
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
@briankrebs
You have reminded me that I need a new phone. Damn. -
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
Is it the point in history where we go back to the Commodore 64?
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
I anyway have #UpdateAngst all the time because of new bugs, loss personal data like bookmarks/favourites, worse interfaces, more ads, the usual enshitification, and now backdoors. 🥳
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
@briankrebs redundant “backdoored” in there
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
@briankrebs Well said!
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
@briankrebs I've been feeling this lately with regards to most software updates (for personal usage), continuous enshittification is a factor too
-
We've come to an icky time in security when the concern about using outdated, unpatched software starts to become overshadowed by the fear of downloading some backdoored update.
