xz backdoor

from blog yield code();, | ↗ original
A malicious backdoor was discovered in xz library that implements LZMA compression. xz, among many other places, is used, indirectly, in sshd. My attempt to explain what happened.
This is a short summary. ↗ Open original to view full content

Related

A quick post on Chen’s algorithm
A Few Thoughts on Cryptographic Engineering | original ↗
Attack of the week: Airdrop tracing
A Few Thoughts on Cryptographic Engineering | original ↗
Exploiting aCropalypse: Recovering Truncated PNGs
David Buchanan's Blog | original ↗
Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library
Blog | Sam Curry | original ↗
One Weird Trick to Shrink Your PANDA Malware Logs by 84%
Push the Red Button | original ↗
Replaying Regin in PANDA
Push the Red Button | original ↗
Breaking Spotify DRM with PANDA
Push the Red Button | original ↗
on the xz backdoor
erock's devlog | original ↗
Bzip2 1.0.7 is released
Federico's Blog | original ↗
Preparing the bzip2-1.0.7 release
Federico's Blog | original ↗

More from yield code();

Why DX doesn't matter
5 Nov 2024 | original ↗

Developer experience, or shortly DX, seems to be the number one thing that people pay attention to in their chosen tools/frameworks.

Software Development Fragmentation
30 Oct 2024 | original ↗

About 15 years ago, I got my first software engineering job, and the way things were done back then--was different.

One year of Rust in production
22 Sept 2024 | original ↗

It's been almost a year for me developing, maintaining, and running a production web application written in Rust.

Software development is hard
17 Aug 2024 | original ↗

For the past few weeks I've been thinking about how hard it is to develop software.

Let's blame the dev who pressed "Deploy"
21 Jul 2024 | original ↗

Following the CrowdStrike outage, I've stumbled upon an articles that claims that developers should have consequences. Do they?