On Fri, 29 Mar 2024 16:53:04 +0000 Andy Smith <a...@strugglers.net> wrote:
> Hello,
>
> On Thu, Mar 28, 2024 at 05:47:44PM -0000, Curt wrote:
> > On 2024-03-28, Greg Wooledge <g...@wooledge.org> wrote:
> > >
> > > A more proactive endeavor would be to document known best
> > > practices
> >
> > It makes no fucking difference, because your important data is
> > elsewhere and completely out of your control.
>
> I WAS going to gently suggest that you have a lie down in a cool,
> shaded room, but which of us had this on our 2024 bingo card?
>
> https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> (Upstream xz/lzma project compromised, hostile code inserted into
> sshd in Debian sid and other leading edge distros.)
>

Hah! Most of us remember Heartbleed. He's actually referring to credentials stored externally being compromised. I'm not sure what can be done about that: maybe make some kind of, you know, law, about storing sensitive data, and prosecuting people who are responsible for failure to keep it secure... nothing like accountability for discouraging negligence.

--
Joe