A Critical Security Bug in Tarsnap

The author of tarsnap (“online backups for the truly paranoid”) has sent out an advisory describing a “critical” security bug in versions 1.0.22 through 1.0.27. “It may be possible for me, Amazon, or US government agencies with access to Amazon’s datacenters to decrypt data stored with those versions of Tarsnap. This is an absolutely unacceptable compromise of Tarsnap’s security principles, and I sincerely apologize to everyone affected.” The posting describes how to respond to the problem and is an interesting discussion of how easily things can go wrong in security-related code.

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR