Dnext

April 7, 2024 2:38pm

(17) blasty on X: "the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n https://t.co/s1zJ8EBiMl" / X

https://twitter.com/bl4sty/status/1776691497506623562

the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n pic.twitter.com/s1zJ8EBiMl
— blasty (@bl4sty) April 6, 2024

Hackaday (unofficial)

April 5, 2024 3:00pm

This Week in Security: XZ, ATT, and Letters of Marque

#hackadaycolumns #news #databreach #letterofmarque #ssh #thisweekinsecurity #xz #hackaday
posted by pod_feeder_v2

This Week In Security: XZ, ATT, And Letters Of Marque

The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone to work on the code, an…

anonymiss

April 4, 2024 3:41pm

#XZ #Backdoor: Times, damned times, and scams

However, I believe that he is actually from somewhere in the UTC+02 (winter)/UTC+03 (DST) timezone, which includes Eastern Europe (EET), but also Israel (IST), and some others. Forging time zones would be easy — no need to do any math or delay any commits. He likely just changed his system time to Chinese time every time he committed.

source: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and

#security #software #time #news #hack #linux #timezone

XZ Backdoor: Times, damned times, and scams

Some timezone observations on the recently discovered backdoor hidden in an xz tarball.

gunnar

April 2, 2024 2:01pm

Who in the world is Jia Tan?

https://boehs.org/node/everything-i-know-about-the-xz-backdoor

https://changelog.com/news/88

https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and

https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/

https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor

From China? Eastern Europe? Nice graphic from twitter.

#xz #jiatan #linux #changelog

Christoph S

March 30, 2024 1:28pm

Everything I know about the XZ backdoor

#xz

https://boehs.org/node/everything-i-know-about-the-xz-backdoor

Hackaday (unofficial)

March 30, 2024 12:00am

Security Alert: Potential SSH Backdoor Via Liblzma

#news #securityhacks #backdoor #opensource #ssh #xz #hackaday
posted by pod_feeder_v2

Security Alert: Potential SSH Backdoor Via Liblzma

In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package, that could potentially compromise SSH logins on Linux systems. The m…

0 Persons are tagged with #xz

#xz

(17) blasty on X: "the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n https://t.co/s1zJ8EBiMl" / X

This Week in Security: XZ, ATT, and Letters of Marque

#XZ #Backdoor: Times, damned times, and scams

Who in the world is Jia Tan?

Everything I know about the XZ backdoor

Security Alert: Potential SSH Backdoor Via Liblzma