lemmyreader@lemmy.ml to linuxmemes@lemmy.worldEnglish · 7 months agoBackdoorslemmy.mlimagemessage-square42fedilinkarrow-up142arrow-down10file-textcross-posted to: autism@lemmy.world
arrow-up142arrow-down1imageBackdoorslemmy.mllemmyreader@lemmy.ml to linuxmemes@lemmy.worldEnglish · 7 months agomessage-square42fedilinkfile-textcross-posted to: autism@lemmy.world
minus-squareSquare Singer@feddit.delinkfedilinkarrow-up0·7 months agoThe only real downside on the open source side is that the fix is also public, and thus the recipe how to exploit the backdoor. If there’s a massive CVE on a closed source system, you get a super high-level description of the issue and that’s it. If there’s one on an open source system, you get ready-made “proof of concepts” on github that any script kiddy can exploit. And since not every software can be updated instantly, you are left with millions of vulnerable servers/PCs and a lot of happy script kiddies. See, for example, Log4Shell.
minus-squareDemSpud@lemmy.dbzer0.comlinkfedilinkarrow-up0·7 months agobUt gUyS WhAt aBoUt sEcUrItY ThRoUgH ObScUrItY??
minus-squareSquare Singer@feddit.delinkfedilinkarrow-up0·7 months agohEy, yOu lEaRnEd A bUzZwOrD aNd rEcEnTlY dIsCoVeReD tHe sHiFt KeY!!! cOnGrAtS!?!
The only real downside on the open source side is that the fix is also public, and thus the recipe how to exploit the backdoor.
If there’s a massive CVE on a closed source system, you get a super high-level description of the issue and that’s it.
If there’s one on an open source system, you get ready-made “proof of concepts” on github that any script kiddy can exploit.
And since not every software can be updated instantly, you are left with millions of vulnerable servers/PCs and a lot of happy script kiddies.
See, for example, Log4Shell.
bUt gUyS WhAt aBoUt sEcUrItY ThRoUgH ObScUrItY??
hEy, yOu lEaRnEd A bUzZwOrD aNd rEcEnTlY dIsCoVeReD tHe sHiFt KeY!!! cOnGrAtS!?!