sjvn,
@sjvn@mastodon.social

This backdoor almost infected Linux everywhere: The XZ Utils close call https://zdnet.com/article/this-backdoor-almost-infected-linux-everywhere-the-xz-utils-close-call/ by @sjvn

We dodged a bullet with the XZ Utils malware assault, but we can do better at preventing such supply chain attacks in the future.

anehzat,
@anehzat@mastodon.social

@sjvn Thanks for covering the article, Steven. Is there any interest in covering a follow-up story with a potential solution to the problem? https://docs.google.com/document/d/1K1525_PcBNxr4Lvt39llUWwrPnOoXE7Z5J7ALWHCSiM/edit?usp=sharing

aho,
@aho@mastodon.social

@sjvn read the long thread at the Arch Bugzilla on whether they were affected or not; seems they came to the conclusion that they don't use the tarball but pull directly from git.

Yeah, it was "clever" work to infect Linux distributions; it kind of brings to mind MS Win98SE with a preinstalled virus.

Here is a site that claims to check whether your binary is affected (I don't have a known affected version, so I can't confirm):

https://xz.fail
