Yeah, that’s the scariest part. This was caught, but are there other projects out there that have been attacked with similar methods that no one knows about?
There’s also the ones known by very few people. There’s companies and unofficial groups of people who collect and sell this information. Usually to state governments, off records.
I don’t think it’s the case for Linux, but I occasionally follow the state of things for bounties offered by Google and Apple to white hat hackers. Though this case is clearly malicious, I understand most vulnerabilities can easily pass as a bug/mistake.
Yeah, that’s the scariest part. This was caught, but are there other projects out there that have been attacked with similar methods that no one knows about?
I have a feeling there are a lot of busy people trying to answer that question, now. Yikes.
There’s also the ones known by very few people. There’s companies and unofficial groups of people who collect and sell this information. Usually to state governments, off records.
I don’t think it’s the case for Linux, but I occasionally follow the state of things for bounties offered by Google and Apple to white hat hackers. Though this case is clearly malicious, I understand most vulnerabilities can easily pass as a bug/mistake.