this post was submitted on 01 Aug 2025
231 points (97.9% liked)

Technology

73534 readers
2477 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
231
St. Paul, MN, was hacked so badly that the National Guard has been deployed (arstechnica.com)
submitted 2 days ago by return2ozma@lemmy.world to c/technology@lemmy.world
60 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] toothpaste_ostrich@feddit.nl 19 points 2 days ago (2 children)

I mean... For real, I've never heard of Linux systems being hacked this way. I'm sure it's possible, but it certainly seems rarer.

Slipping shit in upstream also certainly doesn't happen "that* often. It takes effort to become recognised enough as a developer to be allowed access to the upstream code, meaning you can't automate those kinds of attacks. (I imagine. Correct me if I'm wrong.)

[–] sp3ctr4l@lemmy.dbzer0.com 6 points 1 day ago* (last edited 1 day ago)

It does happen occasionally, from time to time, but, because everything is gasp open source, it tends to get caught, identified, blocked/quarantined and then fixed considerably more rapidly, with decent fallback instructions/procedures in that interim period.

Like apparently it actually just recently happened with some asshole uploading bs malware libs/sources to the AUR... even still, got caught pretty quickly.

Also, you can basically describe the entire CrowdStrike fiasco as exactly this kind of upstream oopsie doopsie.

Doesn't really matter in the big picture if it was intentionally malicious or not, when you Y2K 1/4 of the world's computer systems.

[–] CallMeAnAI@lemmy.world 3 points 2 days ago (2 children)

Absolute opposite. The majority of successful attacks you see today are identity management and supply chain attacks. If you walk into any OCIO office supply chain will be a top 3 concern.

[–] msage@programming.dev 6 points 1 day ago (1 children)

I know of one successful supply chain attack in FOSS.

So still points for using it.

[–] SheeEttin@lemmy.zip -1 points 1 day ago (1 children)

AUR has had multiple Trojans just this week

[–] msage@programming.dev 0 points 1 day ago

I'm sorry, Dave, but AUR does not count.

[–] toothpaste_ostrich@feddit.nl 0 points 1 day ago

I... Don't understand what you said here 🫤