Yeah, I remember that xz utils backdoor from last year. Something so tiny that is found in and used by most, if not all, Linux systems was compromised.

https://odysee.com/@BrodieRobertson:5/linux-malware-is-everywhere-these-days:e

#linux #debian #archlinux #xz

Linux Malware Is Everywhere These Days


Playing around with compressing a directory structure full of XML files which are about 2MB each (one per directory) and which have a lot of commonality.

It included about 14GB of files in total. With gzip/bzip2/zstd/zip it goes down to ~1GiB (#gzip -> zstd -> bzip2 in order of decreasing size). With #xz it went down to about 67MiB. Huge difference for this use case. Decompressing it was MUCH faster with xz (5.0s vs 33.2s when writing to /dev/null; xz took 5X longer to compress than pigz).
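The effect the post describes comes from xz's large LZMA dictionary, which can reference repeated content many megabytes back, whereas gzip's DEFLATE window is only 32 KiB. The script below is an added example (not code from the post's author) that reproduces the effect on a constructed corpus: it builds several XML documents that share a large template and differ only in one attribute, then compresses the concatenation with the standard-library gzip, bz2 and lzma modules. The file count, record count and vocabulary are assumptions chosen so each document exceeds gzip's window; zstd is omitted because it is not in the Python standard library.

```python
"""Compare gzip, bzip2 and xz (lzma) on many near-identical XML documents.

Added example, not from any post on this page. The XML corpus is constructed
in memory so the script runs offline; sizes and timings apply to this
synthetic data only, not to the 14 GB corpus described in the post.
"""
import bz2
import gzip
import lzma
import random
import time

FILE_COUNT = 20   # number of "directories", one XML file each (assumption)
RECORDS = 800     # records per file; ~75 KB per file, well above gzip's 32 KiB window


def make_template(seed: int = 2347) -> str:
    """Build one XML document with enough word variety that it is not trivially compressible."""
    rng = random.Random(seed)
    vocab = [f"token{i}" for i in range(200)]
    records = []
    for n in range(RECORDS):
        name = " ".join(rng.choice(vocab) for _ in range(3))
        note = " ".join(rng.choice(vocab) for _ in range(6))
        records.append(f'  <record id="{n}"><name>{name}</name><note>{note}</note></record>')
    # "{source}" is substituted per file by make_corpus(); records contain no braces.
    return '<?xml version="1.0"?>\n<export source="{source}">\n' + "\n".join(records) + "\n</export>\n"


def make_corpus() -> bytes:
    """Concatenate FILE_COUNT copies of the template, each differing only in its source attribute."""
    template = make_template()
    return "".join(template.format(source=f"dir-{i:03d}") for i in range(FILE_COUNT)).encode()


def benchmark(data: bytes) -> dict:
    """Compress data with each codec, time compression and decompression, and verify the round trip."""
    codecs = {
        "gzip": (lambda d: gzip.compress(d, compresslevel=6), gzip.decompress),
        "bzip2": (lambda d: bz2.compress(d, compresslevel=9), bz2.decompress),
        "xz": (lambda d: lzma.compress(d, preset=6), lzma.decompress),
    }
    results = {}
    for name, (comp, decomp) in codecs.items():
        t0 = time.perf_counter()
        blob = comp(data)
        t1 = time.perf_counter()
        restored = decomp(blob)
        t2 = time.perf_counter()
        results[name] = {
            "raw": len(data),
            "compressed": len(blob),
            "ratio": len(data) / len(blob),
            "compress_s": t1 - t0,
            "decompress_s": t2 - t1,
            "roundtrip_ok": restored == data,
        }
    return results


def run() -> dict:
    """Print a small table of sizes, ratios and timings, and return the raw numbers."""
    results = benchmark(make_corpus())
    for name, r in results.items():
        print(f"{name:6s} {r['raw']:>9d} -> {r['compressed']:>8d} bytes "
              f"({r['ratio']:7.1f}x)  comp {r['compress_s']:.3f}s  decomp {r['decompress_s']:.3f}s")
    return results


if __name__ == "__main__":
    run()
```

On this corpus xz compresses far more tightly than gzip because every document after the first is a near-verbatim repeat of something roughly 75 KB earlier, which lies outside gzip's window but well inside xz's dictionary. bzip2 sits in between: its 900 KB block lets it exploit repeats within a block but not across block boundaries, which mirrors the ordering the post reports.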

Animated xkcd 2347.

I originally made this after the backdooring attempt of the XZ Utils repo by some entity named Jia Tan was discovered, but without sound. Finally, it is available in stereo, headphones recommended.
Damned, the whole thing was discovered in March 2024! The relevance of this clip might be like a sine wave, hopefully not, but we'll see :P

#b3d #blender3D #npr #xkcd #xkcd2347 #xz #backdoor #infrastructure

Wasn't #Bellingcat doing an entire investigation thing around Jia Tan and the xz stuff?

What happened there?

#JiaTan #XZ

RE: https://infosec.exchange/@joshbressers/115486406615810474

Subscribe to the Open Source Security podcast (opensourcesecurity.io) on your favorite platform and check out the latest episode where I am talking about how I did the #XZ Utils analysis in #Debian.

In light of the #AWS #incident, do y'all remember how the Jia Tan/#xz exploit was so close to being upstreamed into AWS Linux?

Think of the blast radius of today's single datacentre downtime, and magnify it by probably an order of magnitude, and you'd realise just how many businesses would now have a backdoor in their VMs.

#downtime #cybersecurity #decentralization

Could the XZ backdoor have been detected with better Git and Debian packaging practices?

The discovery of a backdoor in XZ Utils earlier this year shocked the open source community, raising critical questions about software supply chain security. This post explores whether better Debian packaging practices could have detected this threat, offering a guide to auditing packages and suggesting future improvements.

🎉 Behold, the groundbreaking revelation: #Xz is not the Holy Grail of data formats! 🚀 Apparently, using xz for digital preservation is like using a sieve as a bucket—bound to fail. Who knew? 🤦‍♂️ Stick to #bzip2, #gzip, or #lzip if you want actual functionality and avoid sinking your data into the abyss of inadequacy. 🔍💾
https://www.nongnu.org/lzip/xz_inadequate.html #dataformats #digitalpreservation #HackerNews #ngated
Xz format inadequate for general use

XZ revamped its hair care products; for example, the chocolate-vanilla product line is now just cocoa. I compared the old and new bottle and the ingredient list looked roughly the same, but now at least the products in this line have an AI-generated image, which is disclosed in tiny letters the size of a fly speck: "ai generated image" 🤯 Of course it's "good" that they disclose it, but why AI-made? A human could certainly have done the same (the bottles have a picture of a cocoa bean).. so as a result of the revamp the person who used to design the bottles apparently got kicked out and replaced by AI, or else that person now makes the AI images, oh well 🙄 #xz #xztuotteet #aikuvat #tekoäly

A summary of the #xzutils #backdoor for #TechIlliterates....

#TLDW: Never underestimate "weapons-grade autism" when it comes to finding #sus stuff...

https://www.youtube.com/watch?v=F7iLfuci75Y

#xz #EncryptionBackdoor #Govware #SSH #documentary #ITsec #InfoSec #OpSec #ComSec

How a Hacker Saved the Internet

