|
|
Subscribe / Log in / New account

Security quotes of the week

[Posted August 13, 2025 by corbet]

In this blog, we share a new finding in the XZ Utils saga: several Docker images built around the time of the compromise contain the backdoor.

At first glance, this might not seem alarming: if the distribution packages were backdoored, then any Docker images based on them would be infected as well. However, what we discovered is that some of these compromised images are still publicly available on Docker Hub. And even more troubling, other images have been built on top of these infected base images, making them transitively infected.

Binarly REsearch

The article contains "steps you can take to figure out if it's a scam," but omits the first and most fundamental piece of advice: If the hacker had incriminating video about you, they would show you a clip. Just a taste, not the worst bits so you had to worry about how bad it could be, but something. If the hacker doesn't show you any video, they don't have any video. Everything else is window dressing.
Bruce Schneier

Imagine how much Texas schools could do with an extra $90/student/year – how much more usefully that money could be spent if it were turned over to teachers. But instead, Rep [Ryan] Guillen wants to put "AI in schools" in the form of drones equipped with pepper-spray, flash bangs, and "lances" that can be smashed into people at 100mph.

The problem with AI in schools isn't that students are using AI to do their homework. It's that schools have been turned into reward-hacking AIs by a system that hates the idea of an educated populace almost as much as it hates the idea of unionized teachers who are empowered to teach our kids.

Cory Doctorow
to post comments

Validation

Posted Aug 16, 2025 0:12 UTC (Sat) by jdulaney (subscriber, #83672) [Link]

I build my containers from scratch

Just Corruption

Posted Aug 18, 2025 17:29 UTC (Mon) by ScottMinster (subscriber, #67541) [Link] (1 responses)

I won't comment on the wide stereotypes and conspiracy theories in the Doctorow article, but I think this is important to note this additional information from it: "these drones are supplied by a single company that has ties to Guillen".

So it appears it's just a corrupt lawmaker trying to benefit from his position of trust. Again. Because this kind actions are not prosecuted (they probably aren't even illegal), and the public doesn't vote these people out of office.

In a more ideal world, proposing something like this that had direct benefits for lawmaker would be so embarrassing, none of his colleagues would associate with him again, and he'd be forced to resign before losing any future elections. Sadly, we don't live in such a world, not because people like corruption, but they think the "other" guy would be worse. And who knows, they might be right.

The only good news is that this appears to be just a proposed change, not something that has been voted on and approved (I assume, I Googled it and found some articles from 2024 talking about its introduction, but nothing about it passing or failing).

Just Corruption

Posted Aug 21, 2025 11:21 UTC (Thu) by davidgerard (guest, #100304) [Link]

This comment appears to be just sh*t-talking Doctorow and not actually disputing a single claim.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds