
The xz/liblzma backdoor incident has raised serious concerns about the software supply chain. The developer known as Jia Tan is implicated in adding the backdoor, which enabled a compromise of SSH on affected systems. The attack involved roughly two years of involvement in the project and manipulation of its maintainer. The incident highlights security weaknesses common to many open-source projects and emphasizes the need for thorough vetting of dependencies and for reproducible builds. The backdoor was initially detected by a Microsoft engineer rather than by any formal review, which underlines the complexity and stealth of the attack.
“We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added)… with this level of sophistication, we would be suspicious of even older versions of xz until proven otherwise”: https://t.co/P39m5Pv3ge #ethics #cybersec
With the #xz #backdoor, any thinking person should be asking themselves: if they could get away with this and only narrowly got caught, what else has been compromised to this level but has gone unnoticed?
Some interesting thoughts on the xz compression backdoor in liblzma (and the insertion of what appears to be the attacker’s own RSA key into OpenSSH Server on systems that use xz 5.6.x) here: https://t.co/YYRHzOXZcC
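The post above identifies the two conditions that put a host in scope: it runs xz/liblzma 5.6.x and its OpenSSH server is linked against liblzma. The following script, added here as an illustration and not code from any of the quoted posts, turns that into a simple triage check. It parses the output of `xz --version` and of `ldd` run against the sshd binary; the sample outputs embedded below are constructed, and the `sshd` path and the helper names (`assess`, `run_live`) are assumptions for this example.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Constructed sample outputs (not captured from a real host) so the check runs offline.
SAMPLE_XZ_VERSION = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_LDD_SSHD = (
    "\tlinux-vdso.so.1 (0x00007ffd00000000)\n"
    "\tlibsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000000000)\n"
    "\tliblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000100000)\n"
    "\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000200000)\n"
)

# The "liblzma X.Y.Z" line is the one that matters: it is the library sshd
# would actually load, not the xz front-end binary.
LIBLZMA_VERSION_RE = re.compile(r"^liblzma\s+(\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_liblzma_version(version_output: str) -> Optional[Tuple[int, int, int]]:
    """Extract the liblzma version triple from `xz --version` output."""
    match = LIBLZMA_VERSION_RE.search(version_output)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def is_suspect_version(version: Optional[Tuple[int, int, int]]) -> bool:
    """True for the 5.6.x series named in the post; other versions are not flagged here."""
    return version is not None and version[:2] == (5, 6)


def sshd_links_liblzma(ldd_output: str) -> bool:
    """True if the dynamic loader resolves liblzma for the sshd binary."""
    return any(line.strip().startswith("liblzma.so") for line in ldd_output.splitlines())


def assess(version_output: str, ldd_output: str) -> dict:
    """Combine both signals; a host is 'suspect' only when both conditions hold."""
    version = parse_liblzma_version(version_output)
    links = sshd_links_liblzma(ldd_output)
    return {
        "liblzma_version": version,
        "version_in_5_6_series": is_suspect_version(version),
        "sshd_links_liblzma": links,
        "suspect": is_suspect_version(version) and links,
    }


def run_live(sshd_path: str = "/usr/sbin/sshd") -> dict:
    """Run the same check against the local host (assumed sshd path; adjust as needed)."""
    xz = shutil.which("xz")
    version_output = subprocess.run([xz, "--version"], capture_output=True, text=True).stdout if xz else ""
    ldd_output = subprocess.run(["ldd", sshd_path], capture_output=True, text=True).stdout
    return assess(version_output, ldd_output)


if __name__ == "__main__":
    print(assess(SAMPLE_XZ_VERSION, SAMPLE_LDD_SSHD))
```

On the constructed sample the result is `suspect: True`; a host on another liblzma series, or whose sshd does not pull in liblzma at all, reports `suspect: False`. The check is a triage aid only: it tells you whether a host matches the conditions the post describes, not whether the backdoored object code is actually present.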
