XZ Backdoor Linux Hack - Images


![Mysterious_Focus6144, 352 points, 17 hours ago: The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It sounds like the backdoor attempt was meant as the first step of a larger campaign: 1. Create backdoor. 2. Remotely execute an exploit. 3. profit. This methodical, patient, sneaky effort spanning a couple of years makes it more likely, to me at least, to be the work of a state, which also seems to be the consensus atm. ProgsRS, 159 points, 16 hours ago: It's very likely to be a planned group project given the amount of time it took. Less likely for a lone actor to have this much patience, foresight and commitment. There were others involved as fresh accounts who played different roles (like pressuring the maintainer) during certain periods and suddenly dropped off after, while Jia Tan was a separate persona who had been slowly and separately building trust with the end goal and task of delivering the final payload. It's possible that this was all the same person switching roles, but it's more likely to be an organized group effort over the span of years.](https://i.kym-cdn.com/photos/images/masonry/002/785/396/cff.png)
https://news.ycombinator.com/item?id=39865810#39866275
![rwmj, 1 day ago: Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features". We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added). We had to race last night to fix the problem after an inadvertent break of the embargo. He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise.](https://i.kym-cdn.com/photos/images/masonry/002/785/344/a55.png)