cccfr, German
@cccfr@chaos.social

xz or not xz, that's the question?
ugly, mode: set everything on fire

"Backdoor found in xz liblzma specifically targets the RSA implementation of OpenSSH. Story still developing."

#leak #backdoor #ssh #Internet #xz #linux #rsa #libzma #openssh #CVE20243094 #sicherheitslücke
https://www.youtube.com/watch?v=jqjtNDtbDNI
https://openwall.com/lists/oss-security/2024/03/29/4
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://sc.tarnkappe.info/d941c4

cccfr
@cccfr@chaos.social

"I think a LOT of people are missing the fact that we got LUCKY with this malicious backdoor."

you could be affected if using Debian sid or Kali.
In other cases you probably won't.

we expect more, and good detailed write-ups / videos on that in the coming hours and days.

"I gave a talk about state actors attacking FOSS, ten years ago, on : https://www.youtube.com/watch?v=3jQoAYRKqhg "

here are 2 threads:
https://chaos.social/@tinker@infosec.exchange/112180669379673577
https://chaos.social/@tinker@infosec.exchange/112181161454177547

mcfly
@mcfly@milliways.social

@cccfr that is for the backdoor that was found - and I would make the argument that that was luck.
