quote from the article: https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
"Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it's not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm Analygence, said in an online interview. “BUT that's only because it was discovered early due to bad actor sloppiness."
If thats the case, why is this news everywhere. Dont get me wrong. Im happy that even more people are back on their toes but this didnt seem to hurt alot of people/organizations. why is this getting spotlight while it has been fixed already whilist there are still plenty of open issues and plenty more active vulnerabilities still around?
https://stack.watch/product/linux/
I get that we dodged a bullet but i think the news articles should focus more on the still active issues. Am i wrong?
[–]chadwickofwv 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - (1 child)
[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 0 fun2 insightful - 1 fun - (0 children)