• sbv@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    ·
    9 months ago

    OP is referring to a backdoor that was found. It apparently modified behaviour in a way that was noticeable to humans, suggesting that it was built by an unskilled adversary.

    It’s a safe bet that there are others (in FOSS) that remain undiscovered. We know that skilled adversaries can produce pretty amazing attacks (e.g. stuxnet), so it seems likely that similar vulnerabilities remain in other FOSS packages.

    • communism
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      9 months ago

      It’s a safe bet that there are others (in FOSS) that remain undiscovered.

      I agree, but I don’t think that image (about survivors’ bias) applies to the op meme then, as that would imply that it only seems like open source backdoors are convoluted because we’ve not found the simple/obvious ones

      • sbv@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        Survivorship bias or survival bias is the logical error of concentrating on entities that passed a selection process while overlooking those that did not. This can lead to incorrect conclusions because of incomplete data.

        In this case, the selection process is discovering human-evident back doors. It fits by my reading.

    • MataVatnik@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      Stuxnet was done by a literal army assembled by state actors with massive funding hoarding zero days. If an attack like that came at you there is very little you can do.