Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials and developer tooling across CI/CD pipelines.
Dare I ask, what ssh thing?
Side Note: It was already believed that SSH encryption was broken by state actors since the first NSA leaks. So, people should at least always use it over another encrypted channel anyway.
YES! This was a huge deal that was a lucky mishap rather than a sign of good security.
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
Btw, Jia Tan is an awesome software dev that you should hire. /s
We’re all completely pwned. That’s the only way to feel ok for me. My info has been compromised tons of times and no one notified me. I just accept it. I practice good security and I know that some of the companies on the other side don’t. I can’t change that.
Have you accepted that you’re gonna die? If yes, you should adopt this attitude. If not, I’m sorry that you’re so afraid of the natural process. Try to be healthy. Try to be secure. Accept that you’re gonna die or get pwned or both. It’s a lot healthier mindset (IMO).