[$] How the XZ backdoor works
Date:
Tue, 02 Apr 2024 20:41:41 +0000
Description:
Versions 5.6.0 and 5.6.1 of the XZ compression utility and library
were shipped with a backdoor that targeted OpenSSH .
Andres Freund discovered the backdoor by
noticing that failed SSH logins were taking a lot of
CPU time while doing some
micro-benchmarking, and tracking down the backdoor from there. It was introduced
by XZ co-maintainer "Jia Tan" a probable alias for person or persons unknown. The backdoor is a sophisticated attack with multiple parts, from the build system, to link time, to run time.
======================================================================
Link to news story:
https://lwn.net/Articles/967192/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)