2024-03-30
Andres Freund, the principal software engineer at Microsoft who discovered the xz backdoor really does deserve a big pat on the back. 👏 The outcome could have been much, much worse.
Ars Technica
Researchers find malicious code in versions of the compression tool XZ Utils that were incorporated into Linux distributions from Red Hat, Debian, and others
Malicious code planted in xz Utils has been circulating for more than a month. — Researchers have found a malicious backdoor …
2024-03-09
@BushidoToken Not the first time SVR has have been found rummaging about in MS's source repos. As per MS's statement then: principle of least privilege does not apply to (viewable) access to source code. It's an age old debate, but one worth revisiting IMHO. https://msrc.microsoft.com/... [image]
The Verge
Microsoft says Russian state-sponsored hackers Midnight Blizzard accessed some of its “source code repositories and internal systems” following the January hack
and the Attack Isn't Over Pranav Dixit / Business Today : Microsoft discloses source code theft by Russian hackers Michael Kan / PCMag : Microsoft: Russian Hackers Accessed Company...