Atemu@lemmy.ml to Linux@lemmy.ml · 11 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square33fedilinkarrow-up132arrow-down10cross-posted to: selfhosted@lemmy.world
arrow-up132arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 11 months agomessage-square33fedilinkcross-posted to: selfhosted@lemmy.world
minus-squarecapt_kafei@lemmy.calinkfedilinkEnglisharrow-up2·11 months agoDamn, it is actually scary that they managed to pull this off. The backdoor came from the second-largest contributor to xz too, not some random drive-by.
minus-squareAmbiguousProps@lemmy.todaylinkfedilinkEnglisharrow-up3·11 months agoThey’ve been contributing to xz for two years, and commited various “test” binary files.
minus-squareAlex@lemmy.mllinkfedilinkarrow-up2·11 months agoIt’s looking more like a long game to compromise an upstream.
minus-squarecjk@feddit.delinkfedilinkarrow-up1·11 months agoEither that or the attacker was very good at choosing their puppet…
minus-squarePossibly linux@lemmy.ziplinkfedilinkEnglisharrow-up0·11 months agoIt would be nice if we could press formal charges
minus-squaresim642@lemm.eelinkfedilinkarrow-up1·11 months agoAssuming that it’s just that person, that it’s their actual name and that they’re in the US…
Damn, it is actually scary that they managed to pull this off. The backdoor came from the second-largest contributor to xz too, not some random drive-by.
They’ve been contributing to xz for two years, and commited various “test” binary files.
It’s looking more like a long game to compromise an upstream.
Either that or the attacker was very good at choosing their puppet…
It would be nice if we could press formal charges
Assuming that it’s just that person, that it’s their actual name and that they’re in the US…