Permission-based systems are bad. See #XUL getting replaced by #WebExtensions for example. It didn't stop #malware from getting into the #browser or the extension store. On the contrary, the malware problem only got worse after the complete replacement of XUL extensions, which is often disparaged as "insecure" because it allowed users to pretty much change how their browser fundamentally works.
Who knew that distrusting your users and not giving them control leads to more malicious software and user #security being broken more often. :seija_coffee:
The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.
P.S. never give cybersecurity spooks clicks even after they go "freelance" or whatever
Regarding xz-utils backdoor (liblzma5): Right now no Debian stable versions are known to be affected.
Compromised packages were part of the Debian testing, unstable and experimental distributions, with versions ranging from 5.5.1alpha-0.1 (uploaded on 2024-02-01), up to and including 5.6.1-1. The package has been reverted to use the upstream 5.4.5 code, which we have versioned 5.6.1+really5.4.5-1. Debian #Linux 12/11/10 appears safe. Taken from https://lists.debian.org/debian-security-announce/2024/msg00057.html#infosec#security