by bcrypt 3949 days ago
That's correct. I did not discover vulnerabilities in existing libraries or add backdoors to any of them. :)

The attack scenario described in the post is (1) attacker writes some plausible-looking patches to an existing library like jQuery, (2) attacker convinces library maintainer to merge the patches, (3) someone builds the library with a buggy minifier, which creates the actual backdoor.

1 comments

It's interesting all the same. It's kind of why exploits in very popular things like WordPress become problematic for so many for so long.