XZ Backdoor Linux Hack - Images

Sorted By:

XZ Backdoor Linux Hack

>Performance testing regressions >Look inside >They put a backdoor in xz
>Performance testing regressions >Look inside >They put a backdoor in xz

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

[-] Mysterious_Focus6144 352 points 17 hours ago The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It sounds like the backdoor attempt was meant as the first step of a larger campaign: 1. Create backdoor. 2. Remotely execute an exploit. 3. profit. This methodical, patient, sneaky effort spanning a couple of years makes it more likely, to me at least, to be the work of a state, which also seems to be the consensus atm permalink source embed save save-RES report reply hide child comments [-] ProgsRS 159 points 16 hours ago It's very likely to be a planned group project given the amount of time it took. Less likely for a lone actor to have this much patience, foresight and commitment. There were others involved as fresh accounts who played different roles (like pressuring the maintainer) during certain periods and suddenly dropped off after, while Jia Tan was a separate persona who had been slowly and separately building trust with the end goal and task of delivering the final payload. It's possible that this was all the same person switching roles, but it's more likely to be an organized group effort over the span of years. permalink source embed save save-RES parent report reply hide child comments
[-] Mysterious_Focus6144 352 points 17 hours ago The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It sounds like the backdoor attempt was meant as the first step of a larger campaign: 1. Create backdoor. 2. Remotely execute an exploit. 3. profit. This methodical, patient, sneaky effort spanning a couple of years makes it more likely, to me at least, to be the work of a state, which also seems to be the consensus atm permalink source embed save save-RES report reply hide child comments [-] ProgsRS 159 points 16 hours ago It's very likely to be a planned group project given the amount of time it took. Less likely for a lone actor to have this much patience, foresight and commitment. There were others involved as fresh accounts who played different roles (like pressuring the maintainer) during certain periods and suddenly dropped off after, while Jia Tan was a separate persona who had been slowly and separately building trust with the end goal and task of delivering the final payload. It's possible that this was all the same person switching roles, but it's more likely to be an organized group effort over the span of years. permalink source embed save save-RES parent report reply hide child comments

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

XZ Utils Backdoor It seems to me that this backdoor got everyone worried for the wrong reasons... And what would be the right reasons? NY. 2024 Patch Friday Backdoors without performance issues.
XZ Utils Backdoor It seems to me that this backdoor got everyone worried for the wrong reasons... And what would be the right reasons? NY. 2024 Patch Friday Backdoors without performance issues.

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

Ο Xz xz backdoor is patched. PATCH Amazing! 1 ΠΠΠΕ Daniel Stori {turnoffius}
Ο Xz xz backdoor is patched. PATCH Amazing! 1 ΠΠΠΕ Daniel Stori {turnoffius}

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

PROPRIETARY BACKDOOR MENTAL GYMNASTICS I want a backdoor in this software I ask the corpo to grant me access OPEN SOURCE BACKDOOR MENTAL GYMNASTICS spend 5 years gaining Immediately get find not well maintained related project the mantainer trust noticed by an Insert brittle system to autist due to 0.5s startup delay introduce vulnerability
PROPRIETARY BACKDOOR MENTAL GYMNASTICS I want a backdoor in this software I ask the corpo to grant me access OPEN SOURCE BACKDOOR MENTAL GYMNASTICS spend 5 years gaining Immediately get find not well maintained related project the mantainer trust noticed by an Insert brittle system to autist due to 0.5s startup delay introduce vulnerability

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

BASED OFF COMMIT TIMES WE BELIEVE THIS TO BE A CHINA-NEXUS STATE SPONSORED THREAT ACTOR maflin.com
BASED OFF COMMIT TIMES WE BELIEVE THIS TO BE A CHINA-NEXUS STATE SPONSORED THREAT ACTOR maflin.com

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

N UNDERGROU vx-underground @vxunderground JiaT75 on GitHub pretending to be an OSS enthusiast and 100% NOT a state-sponsored Threat Actor 5:54 PM Mar 30, 2024 107.8K Views
N UNDERGROU vx-underground @vxunderground JiaT75 on GitHub pretending to be an OSS enthusiast and 100% NOT a state-sponsored Threat Actor 5:54 PM Mar 30, 2024 107.8K Views

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

15M+LAG IN MS TEAMS 500MS LAG IN LIBLZMA
15M+LAG IN MS TEAMS 500MS LAG IN LIBLZMA

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

THE ENTIRE INFOSEC COMMUNITY THE MICROSOFT NERD BENCHMARKING HIS SSH CONNECTIONS
THE ENTIRE INFOSEC COMMUNITY THE MICROSOFT NERD BENCHMARKING HIS SSH CONNECTIONS

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

ALL MODERN DIGITAL INFRASTRUCTURE Suspiciously maintained by one state sponsored actor during office hours
ALL MODERN DIGITAL INFRASTRUCTURE Suspiciously maintained by one state sponsored actor during office hours

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

faulty *ptrrr @0x_shaq Finally I found the time to update some packages on my laptop. I feel so proud. ==> Upgrading 1 outdated package: xz 5.5.0 -> 5.6.0 ... Downloading https://ghcr.io/v2 Fetching xz Downloading https://ghcr.io/v2 1:02 PM Mar 30, 2024 108.6K Views
faulty *ptrrr @0x_shaq Finally I found the time to update some packages on my laptop. I feel so proud. ==> Upgrading 1 outdated package: xz 5.5.0 -> 5.6.0 ... Downloading https://ghcr.io/v2 Fetching xz Downloading https://ghcr.io/v2 1:02 PM Mar 30, 2024 108.6K Views

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

UNDERGROU vx-underground @vxunderground : The xz backdoor was initially caught by a software engineer at Microsoft. He noticed 500ms lag and thought something was suspicious. This is the Silver Back Gorilla of nerds. The internet final boss. dTec undTec@mastodon.social e micro-benchmarking at the time, em to reduce noise. Saw sshd prod g amount of CPU, despite immedia g usernames etc. Profiled sshd, sh na, with perf unable to attribute it t alled that I had seen an odd valgrin zma installed, logins via ssh beco alhost ermission denied (publickey). ng of postgres, a few weeks earlier, ermission denied (publickey). lot of coincidences. 9:49 AM · Mar 30, 2024 3.7M Views
UNDERGROU vx-underground @vxunderground : The xz backdoor was initially caught by a software engineer at Microsoft. He noticed 500ms lag and thought something was suspicious. This is the Silver Back Gorilla of nerds. The internet final boss. dTec undTec@mastodon.social e micro-benchmarking at the time, em to reduce noise. Saw sshd prod g amount of CPU, despite immedia g usernames etc. Profiled sshd, sh na, with perf unable to attribute it t alled that I had seen an odd valgrin zma installed, logins via ssh beco alhost ermission denied (publickey). ng of postgres, a few weeks earlier, ermission denied (publickey). lot of coincidences. 9:49 AM · Mar 30, 2024 3.7M Views

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

Agrief seed oil disrespecter @softminus software engineers will notice half a second of latency in something that should be instant and will move heaven and earth to fix it, or at least to understand why; and this seems to have blown an operation that had started to install a backdoor on every Debian/Ubuntu SSH server HaxRob @haxrob⚫ Mar 30 Replying to @haxrob Plans to literally "hack the planet" foiled due to 500ms of latency that Andres instinctually investigated. The latency was due how the malicious code parsed symbol tables in memory. Show more With the backdoored liblzma installed, logins via ssh become a lot slower. time ssh nonexistant@...alhost before: nonexistant@...alhost: Permission denied (publickey). before: real 0m0.299s user 0m0.202s sys 0m0.006s after: nonexistant@...alhost: Permission denied (publickey). real 0m0.807s user 0m0.202s sys 0m0.006s 2:25 AM Mar 30, 2024 2.3M Views • •
Agrief seed oil disrespecter @softminus software engineers will notice half a second of latency in something that should be instant and will move heaven and earth to fix it, or at least to understand why; and this seems to have blown an operation that had started to install a backdoor on every Debian/Ubuntu SSH server HaxRob @haxrob⚫ Mar 30 Replying to @haxrob Plans to literally "hack the planet" foiled due to 500ms of latency that Andres instinctually investigated. The latency was due how the malicious code parsed symbol tables in memory. Show more With the backdoored liblzma installed, logins via ssh become a lot slower. time ssh nonexistant@...alhost before: nonexistant@...alhost: Permission denied (publickey). before: real 0m0.299s user 0m0.202s sys 0m0.006s after: nonexistant@...alhost: Permission denied (publickey). real 0m0.807s user 0m0.202s sys 0m0.006s 2:25 AM Mar 30, 2024 2.3M Views • •

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

https://news.ycombinator.com/item?id=39865810#39866275

rwmj 1 day ago | next [-] Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of it's "great new features". We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added). We had to race last night to fix the problem after an inadvertent break of the embargo. He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise. reply
rwmj 1 day ago | next [-] Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of it's "great new features". We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added). We had to race last night to fix the problem after an inadvertent break of the embargo. He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise. reply

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

hackerfantastic.x @hackerfantastic Follow The author of the 'xz' backdoor commit history and activity shows that they kept office hours mostly. Mon-Fri, every other Saturday, I would imagine some of these would correlate with public holidays as this was clearly not a hobbyist. github.com/ JiaT75?tab=ove... 413 contributions in 2023 Mon Wed Fri Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Learn how we count contributions 8:06 PM - Mar 29, 2024 781K Views Less More
hackerfantastic.x @hackerfantastic Follow The author of the 'xz' backdoor commit history and activity shows that they kept office hours mostly. Mon-Fri, every other Saturday, I would imagine some of these would correlate with public holidays as this was clearly not a hobbyist. github.com/ JiaT75?tab=ove... 413 contributions in 2023 Mon Wed Fri Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Learn how we count contributions 8:06 PM - Mar 29, 2024 781K Views Less More

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer

XZ Backdoor Linux Hack

alden @birchboy Interesting note on the #xz backdoor: If you plot Jai Tan's commit history over time, the cluster of offending commits occurs at an unusual time compared to rest of their activity. : If the dev was pwned, it could be a sign that the threat actor contributed in their own timezone 23:30- 23:00- 22:30- • 22:00- 21:30- 21:00 20:30- 20:00- 19:30 19:00 18:30 18:00- 17:30 17:00 16:30 16:00 15:30 15:00 14:30 14:00 5 13:30 13:00 12:30 12:00 ㅎ 11:30 11:00 10:30 10:00- 9:30 9:00 8:30 8:00 7:30- 7:00 6:30 6:00 oss-fuzz 5:30 cpp-docs 5:00 4:30 ⚫ wasmtime 4:00 • .github 3:30 3:00 XZ 2:30 • 2:00 1:30 1:00 0:30 0:00 ALT 01 xz-java xz-embedded tukaani-project.github.io 2022-04 2022-07 Jai Tan's Git Commits Over Time by Repository Malicious Commits Cluster: - Tests: Update two test files. ·liblzma: Fix false Valgrind error report with GCC. 2022-10 • 8:34 PM Mar 29, 2024 623.1K Views 2023-01 Date 2023-04 2023-07 2023-10 2024-01 2024-04
alden @birchboy Interesting note on the #xz backdoor: If you plot Jai Tan's commit history over time, the cluster of offending commits occurs at an unusual time compared to rest of their activity. : If the dev was pwned, it could be a sign that the threat actor contributed in their own timezone 23:30- 23:00- 22:30- • 22:00- 21:30- 21:00 20:30- 20:00- 19:30 19:00 18:30 18:00- 17:30 17:00 16:30 16:00 15:30 15:00 14:30 14:00 5 13:30 13:00 12:30 12:00 ㅎ 11:30 11:00 10:30 10:00- 9:30 9:00 8:30 8:00 7:30- 7:00 6:30 6:00 oss-fuzz 5:30 cpp-docs 5:00 4:30 ⚫ wasmtime 4:00 • .github 3:30 3:00 XZ 2:30 • 2:00 1:30 1:00 0:30 0:00 ALT 01 xz-java xz-embedded tukaani-project.github.io 2022-04 2022-07 Jai Tan's Git Commits Over Time by Repository Malicious Commits Cluster: - Tests: Update two test files. ·liblzma: Fix false Valgrind error report with GCC. 2022-10 • 8:34 PM Mar 29, 2024 623.1K Views 2023-01 Date 2023-04 2023-07 2023-10 2024-01 2024-04

XZ Backdoor Linux Hack
xz backdoor linux hack the world ssh connections andres freund (tech) xz backdoor hack explained two year plan linux ubuntu hacker xz backdoor explained vulnerability microsoft engineer