If I'm reading this right, would there be any persistent evidence of the execute... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

emeraldd 11 months ago | parent | context | favorite | on: XZ backdoor: "It's RCE, not auth bypass, and gated...

If I'm reading this right, would there be any persistent evidence of the executed payload? I can't think of a reason anything would have to go to disk in this situation, so a compromise could easily look like an Auth failure in the logs .... maybe a difference in timings .. but that's about it ...

junon 11 months ago [–]

Unless the payload did something that produced evidence, or if the program using openssl that was affected was, for some reason, having all of its actions logged, then no, probably not.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact