sos, 1 month ago to foss

Hey I need to get LZMA/LZMA2 lib source, where do I get one that's untouched by the scam person?

#foss #lzma

marcel, 1 month ago to random German

Wir sind dieses Wochenende nur durch unglaubliches Glück und extrem knapp an wohl einer der grössten Katastrophen rund um die globale IT-Sicherheit vorbeigeschrammt.

Phuh! Doch — was ist eigentlich passiert? Wie konnte das überhaupt geschehen? Und was können (und müssen) wir tun, um dies zukünftig zu vermeiden?

Und: Danke an die ganzen IT-Helden, die dies an diesem langen Wochenende für uns getan haben.
#xz #lzma #ssh
https://dnip.ch/2024/04/02/xz-open-source-ostern-welt-retten/

A Microcosm of the interactions in Open Source projects (robmensching.com)

Originally a thread on Twitter about the xz/liblzma vulnerability, when I finished typing it, I realized I had a real world slice of Open Source interaction that deserved more attention.

isaac, 2 months ago to linux

what's really wild is that I bet state actors could just find and offer money to unscrupulous open source contributors instead of wasting years on infiltration.

I bet somebody like that has his DMs open right now and state actors just have to be brave enough to reach out.

heck, state actors, I bet the answer is right in front of your eye sacks.

to repeat, the ANSWER is in front of your EYE SACK...

#getfedihired #liblzma #lzma #xz #cve #linux #OpenSSH

veronica, 2 months ago to python

Seems CPython is not affected by the liblzma backdoor issue.

https://discuss.python.org/t/cpython-pypi-and-many-python-packages-are-not-affected-by-the-backdoor-of-xz/49873

#Python #XZ #LZMA #Backdoor #Malware

stdevel, 2 months ago to linux

Admins on Monday be like…

#cve20243094 #xz #lzma #CVE #Linux #Security

morph, 2 months ago to random German

Finde die #xz-/ #lzma-Backdoor braucht noch nen catchy Namen, sonst wird das alles nix… Vorschläge bitte hier drunter! 👇

• lzmARSCH
• xzIBIT
• SSHeartbreak

🤔

uncanny_static, 2 months ago to openSUSE

Unfortunately, openSUSE Tumbleweed already includes version 5.6.1 of liblzma. Hence, if you are using Tumbleweed, your system might already be affected.
https://www.openwall.com/lists/oss-security/2024/03/29/4
#openSUSE #Linux #liblzma #lzma #xz #ssh #infosec

scy, 2 months ago to random

Eek. Apparently liblzma (part of the xz package) has a backdoor in versions 5.6.0 and 5.6.1, causing SSH to be compromised.

https://www.openwall.com/lists/oss-security/2024/03/29/4

This might even have been done on purpose by the upstream devs.

Developing story, please take with a grain of salt.

The 5.6 versions are somewhat recent, depending on how bleeding edge your distro is you might not be affected.

#liblzma #xz #lzma #backdoor #ITsecurity #OpenSSH #SSH

kkarhan, 5 months ago to linux

I really did underestimate #xz as compression for a #cpio #initramdisk:

I was able to just shove the pre-made, full & uncut #toybox binary from @landley and still have some breathing room.

Tho I expect this to change once I put a #linux #kernel in that has actual #networking capabilities...

This will be interesting for OS/1337.

http://landley.net/toybox/bin/
https://landley.net/toybox/help.html

#OS1337 #LinuxDevelopment #EmbeddedLinux #Development

the complete toybox binary outputting the commands it has implemented

jupiter, 10 months ago to amateurradio

Tired: Morse code was the first digital mode
Wired: Morse code was the first variable length encoding
#AmateurRadio

mike, 11 months ago to TodayILearned

Today I learned: Linux has multiple cats. 😺

For every single file compressor: #gzip, #bzip2, #lzma, #xz, and #zstd, there is a matching cat command: zcat, bzcat, lzcat, xzcat, and zstdcat. #TIL #TodayILearned #Cats #Cat

Demonstrating that each cat command (zcat, bzcat, lzcat, xzcat, and zstdcat) produces the same output: "Hello World!"