Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
tialaramex
10 months ago
|
parent
|
context
|
favorite
| on:
XZ backdoor: "It's RCE, not auth bypass, and gated...
It's a NOBUS (Nobody But Us can use it) attack. The choice to use a private key means it's possible that even the person who submitted the tampered code doesn't have the private key, only some other entity controlling them does.
Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
