XZ Backdoor Linux Hack - Images
XZ Backdoor Linux Hack
![>Performance testing regressions >Look inside >They put a backdoor in xz](https://i.kym-cdn.com/photos/images/original/002/785/397/3db.png)
![[-] Mysterious_Focus6144 352 points 17 hours ago: The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It sounds like the backdoor attempt was meant as the first step of a larger campaign: 1. Create backdoor. 2. Remotely execute an exploit. 3. profit. This methodical, patient, sneaky effort spanning a couple of years makes it more likely, to me at least, to be the work of a state, which also seems to be the consensus atm. [-] ProgsRS 159 points 16 hours ago: It's very likely to be a planned group project given the amount of time it took. Less likely for a lone actor to have this much patience, foresight and commitment. There were others involved as fresh accounts who played different roles (like pressuring the maintainer) during certain periods and suddenly dropped off after, while Jia Tan was a separate persona who had been slowly and separately building trust with the end goal and task of delivering the final payload. It's possible that this was all the same person switching roles, but it's more likely to be an organized group effort over the span of years.](https://i.kym-cdn.com/photos/images/original/002/785/396/cff.png)
![XZ Utils Backdoor It seems to me that this backdoor got everyone worried for the wrong reasons... And what would be the right reasons? NY. 2024 Patch Friday Backdoors without performance issues.](https://i.kym-cdn.com/photos/images/original/002/785/383/ff8.png)
![xz backdoor is patched. PATCH. Amazing! Daniel Stori {turnoff.us}](https://i.kym-cdn.com/photos/images/original/002/785/380/397.png)
![PROPRIETARY BACKDOOR MENTAL GYMNASTICS: I want a backdoor in this software. I ask the corpo to grant me access. OPEN SOURCE BACKDOOR MENTAL GYMNASTICS: spend 5 years gaining the maintainer's trust; find a not well maintained related project; insert a brittle system to introduce the vulnerability; immediately get noticed by an autist due to a 0.5s startup delay.](https://i.kym-cdn.com/photos/images/original/002/785/376/4db.png)
![BASED OFF COMMIT TIMES WE BELIEVE THIS TO BE A CHINA-NEXUS STATE SPONSORED THREAT ACTOR maflin.com](https://i.kym-cdn.com/photos/images/original/002/785/372/04a.png)
![vx-underground @vxunderground: JiaT75 on GitHub pretending to be an OSS enthusiast and 100% NOT a state-sponsored Threat Actor. 5:54 PM Mar 30, 2024, 107.8K Views](https://i.kym-cdn.com/photos/images/original/002/785/370/942.png)
![15M+LAG IN MS TEAMS 500MS LAG IN LIBLZMA](https://i.kym-cdn.com/photos/images/original/002/785/368/7c5.png)
![THE ENTIRE INFOSEC COMMUNITY THE MICROSOFT NERD BENCHMARKING HIS SSH CONNECTIONS](https://i.kym-cdn.com/photos/images/original/002/785/367/f31.png)
![ALL MODERN DIGITAL INFRASTRUCTURE Suspiciously maintained by one state sponsored actor during office hours](https://i.kym-cdn.com/photos/images/original/002/785/366/6d0.png)
![faulty *ptrrr @0x_shaq Finally I found the time to update some packages on my laptop. I feel so proud. ==> Upgrading 1 outdated package: xz 5.5.0 -> 5.6.0 ... Downloading https://ghcr.io/v2 Fetching xz Downloading https://ghcr.io/v2 1:02 PM Mar 30, 2024 108.6K Views](https://i.kym-cdn.com/photos/images/original/002/785/364/4df.png)
![vx-underground @vxunderground: The xz backdoor was initially caught by a software engineer at Microsoft. He noticed 500ms lag and thought something was suspicious. This is the Silver Back Gorilla of nerds. The internet final boss. [Partially cropped screenshot of the AndresFreundTec@mastodon.social post about micro-benchmarking, sshd using a surprising amount of CPU in liblzma, an earlier odd valgrind complaint in postgres testing, and "Permission denied (publickey)" ssh timings; the full post appears further down this page.] 9:49 AM · Mar 30, 2024, 3.7M Views](https://i.kym-cdn.com/photos/images/original/002/785/363/7dc.png)
![Agrief seed oil disrespecter @softminus: software engineers will notice half a second of latency in something that should be instant and will move heaven and earth to fix it, or at least to understand why; and this seems to have blown an operation that had started to install a backdoor on every Debian/Ubuntu SSH server. HaxRob @haxrob, Mar 30, replying to @haxrob: Plans to literally "hack the planet" foiled due to 500ms of latency that Andres instinctually investigated. The latency was due to how the malicious code parsed symbol tables in memory. With the backdoored liblzma installed, logins via ssh become a lot slower. time ssh nonexistant@...alhost; before: nonexistant@...alhost: Permission denied (publickey). real 0m0.299s user 0m0.202s sys 0m0.006s; after: nonexistant@...alhost: Permission denied (publickey). real 0m0.807s user 0m0.202s sys 0m0.006s. 2:25 AM Mar 30, 2024, 2.3M Views](https://i.kym-cdn.com/photos/images/original/002/785/362/c25.png)
https://news.ycombinator.com/item?id=39865810#39866275
![rwmj 1 day ago: Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features". We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added). We had to race last night to fix the problem after an inadvertent break of the embargo. He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise.](https://i.kym-cdn.com/photos/images/original/002/785/344/a55.png)
![hackerfantastic.x @hackerfantastic: The author of the 'xz' backdoor commit history and activity shows that they kept office hours mostly. Mon-Fri, every other Saturday, I would imagine some of these would correlate with public holidays as this was clearly not a hobbyist. github.com/JiaT75?tab=ove... [GitHub contribution graph: 413 contributions in 2023] 8:06 PM - Mar 29, 2024, 781K Views](https://i.kym-cdn.com/photos/images/original/002/785/343/adc.png)
![alden @birchboy: Interesting note on the #xz backdoor: If you plot Jia Tan's commit history over time, the cluster of offending commits occurs at an unusual time compared to rest of their activity. If the dev was pwned, it could be a sign that the threat actor contributed in their own timezone. [Scatter plot "Jia Tan's Git Commits Over Time by Repository": time of day (0:00 to 23:30) against date (2022-04 to 2024-04), points coloured by repository (xz, xz-java, xz-embedded, tukaani-project.github.io, oss-fuzz, cpp-docs, wasmtime, .github); the "Malicious Commits Cluster" is labelled with the commits "Tests: Update two test files." and "liblzma: Fix false Valgrind error report with GCC."] 8:34 PM Mar 29, 2024, 623.1K Views](https://i.kym-cdn.com/photos/images/original/002/785/339/8fd.png)
![rwmj 17 hours ago, on: Backdoor in upstream xz/liblzma leading to SSH ser...: Very annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features". We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added). We had to race last night to fix the problem after an inadvertent break of the embargo. He has been part of the xz project for 2 years, adding all sorts of binary test files, and to be honest with this level of sophistication I would be suspicious of even older versions of xz until proven otherwise.](https://i.kym-cdn.com/photos/images/original/002/785/330/38c.png)
![thaddeus e. grugq thegrugq@infosec.exchange @thegrugq, Mar 29: On the .xz backdoor. It is hard to see how the developer Jia Tan is innocent. The backdoor was added in 5.6.0 by his account. He contacted Fedora to push them to move to 5.6.0. There was a problem with valgrind, they worked with him to resolve it. He commits the fix in 5.6.1. thaddeus e. grugq @thegrugq, Mar 29: If Jia Tan did not commit the backdoor in 5.6.0, and his account was hijacked, it strains credulity that he worked on fixing an issue introduced from a fraudulent commit in his name without noticing. Instead, he worked with Fedora to resolve the issue and committed a fix. thaddeus e. grugq @thegrugq, Mar 29: Fedora: news.ycombinator.com/item?id=398658... OSS announce: openwall.com/lists/oss-secu... Backdoor Commit: tukaani-project/xz "Tests: Add a few test files." 19 lines changed +19 -0, JiaT75 committed February 23, 2024, cf44e4b (tukaani-project/xz@cf44e4b, from github.com)](https://i.kym-cdn.com/photos/images/original/002/785/322/6ba.png)
![thaddeus e. grugq thegrugq@infosec.exchange @thegrugq, Mar 29: On the .xz backdoor. It is hard to see how the developer Jia Tan is innocent. The backdoor was added in 5.6.0 by his account. He contacted Fedora to push them to move to 5.6.0. There was a problem with valgrind, they worked with him to resolve it. He commits the fix in 5.6.1. Jacob S @ResidentMemer, Mar 29: Let's call it. What's the intended malicious end to this? What is the purpose of this backdoor? thaddeus e. grugq @thegrugq, Mar 29: According to the reports it provides remote access. There appears to be a method for a malicious user with an rsa key to authenticate to the backdoored sshd. Jacob S @ResidentMemer, Mar 29: That's the functionality, what is the end game? It seems like more than just a cash-grab/ransom operation. Am I cynical to suspect a state actor? thaddeus e. grugq @thegrugq: The end game would be the ability to login to every Fedora, Debian and Ubuntu box on the internet. If it isn't a state actor it should be... 6:57 PM Mar 29, 2024, 1.7M Views](https://i.kym-cdn.com/photos/images/original/002/785/321/97f.png)
![AndresFreundTec @AndresFreundTec: I accidentally found a security issue while benchmarking postgres changes. If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP. openwall.com/lists/oss-securit... [Link card: www.openwall.com, oss-security - backdoor in upstream xz/l...] AndresFreundTec @AndresFreundTec@mastodon.social: I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates. Really required a lot of coincidences. Mar 29, 2024, 02:32 PM · Web](https://i.kym-cdn.com/photos/images/original/002/785/320/0c1.png)