by phire 809 days ago
How do you know they don't?

When a state actor says "We found this exploit", people will get paranoid and wonder if the fix is actually an exploit.

Not saying it happened in this case, but it's really easy for a state actor to hide an extensive audit behind some parallel construction. Just create a cover story pretending to be a random user who randomly noticed ssh logins being slow, and use that story to point maintainers to the problem, without triggering anyone's paranoia, or giving other state actors evidence of your auditing capabilities.