Conversation
Notices
-
:btrfly: anime graf mays 🛰️🪐 (graf@poa.st)'s status on Saturday, 30-Mar-2024 09:48:52 JST 
:btrfly: anime graf mays 🛰️🪐
@p @p check this out @sjw @Moon somebody introduced a backdoor into xz/xz-utils (debian/ubuntu) via systemd and openssh (openrc chads stay winning)
openwall.com/lists/oss-security/2024/03/29/4
github.com/tukaani-project/xz/commit/af071ef7702debef4f1d324616a0137a5001c14c
:arch: CVE is up security.archlinux.org/CVE-2024-3094
:gentoo: is marked in-progress bugs.gentoo.org/show_bug.cgi?id=CVE-2024-3094-
:btrfly: anime graf mays 🛰️🪐 (graf@poa.st)'s status on Saturday, 30-Mar-2024 09:48:50 JST
:btrfly: anime graf mays 🛰️🪐
@matty @p @sjw @tyler @Moon @p basically some chink added some :pandaman16: backdoor into xz and its utilities (and libraries on some distros). it's only in binary distribution packages and it's only systemd rolling release basically thats effected (so arch and similar). because sshd relies on xz to a certain extent, this payload compromises the security of sshd allowing some chinaman to login Weaf :jv::nv: repeated this. -
Tyler (tyler@nicecrew.digital)'s status on Saturday, 30-Mar-2024 09:48:51 JST 
Tyler
That's really interesting -
Matty-kun :Christmas_kitty_bell: (matty@nicecrew.digital)'s status on Saturday, 30-Mar-2024 09:48:51 JST 
Matty-kun :Christmas_kitty_bell:
Yes these do appear to be words on the screen -
:btrfly: anime graf mays 🛰️🪐 (graf@poa.st)'s status on Saturday, 30-Mar-2024 09:49:43 JST
:btrfly: anime graf mays 🛰️🪐
@matty @p @sjw @tyler @Moon @p lmfao -
DJ :debian: :coolcat: :colombia: (dj@parcero.bond)'s status on Saturday, 30-Mar-2024 10:07:28 JST 
DJ :debian: :coolcat: :colombia:
@graf @p @sjw @matty @tyler @Moon @p † top dog :pedomustdie: likes this. -
:btrfly: anime graf mays 🛰️🪐 (graf@poa.st)'s status on Tuesday, 02-Apr-2024 06:04:37 JST
:btrfly: anime graf mays 🛰️🪐
@matty @p @sjw @tyler @Moon @p oh my fucking god lmfao matrix07012 :thotpatrol: :cunnyEmpire: likes this. -
:btrfly: anime graf mays 🛰️🪐 (graf@poa.st)'s status on Tuesday, 02-Apr-2024 10:05:47 JST
:btrfly: anime graf mays 🛰️🪐
@eriner @p @sjw @matty @tyler @Moon @p this whole thing reeks like an actual glowop tbh especially with that 1password devs account pushing a pr to a 3 year dormant repo. these supply chain attacks are becoming a lot more commonplace and hard to detect. not good xianc78 repeated this. -
reeeeeelman (realman543@annihilation.social)'s status on Tuesday, 02-Apr-2024 10:05:47 JST 
reeeeeelman
@graf @p @sjw @matty @tyler @eriner @Moon @p How will they re-imagine something that works?
Klaus Schwab Cyberattack Worse than COVID-19 Crisis - Power Grid Down, Banking Offline-0DKRvS-C04o.mp4 -
Matt Hamilton (eriner@noauthority.social)'s status on Tuesday, 02-Apr-2024 10:05:48 JST 
Matt Hamilton
@graf @p@bae.st @sjw @matty @tyler @Moon @p@shitposter.club
Did you see the guy who said it was "false flag" right beneath that?
I almost made the post "found the poa.st user, mastodon.social user, and noauthority.social user" but decided against it, lol.
-
All 076萌SNS content and data are available under the