kerker00Mar 30, 2024
@nak hihi … oh https://infosec.exchange/@SecureOwl/112180749579156870
Mike Sheward (@[email protected])

“Are we impacted by this XZ vulnerability?” “No. Fortunately, our patching process prevented the malicious code from ever getting anywhere close to our environment.” “But we don’t have a patching process?” “Exactly.”

Infosec Exchange
Show threadAndreas UfertMar 30, 2024
@kerker00 🤓
Show threadAndreas UfertMar 30, 2024
@kerker00 BTW: https://layers.openembedded.org/layerindex/recipe/101/
OpenEmbedded Layer Index - xz

Show threadAndreas Ufert
@kerker00 https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Everything I know about the XZ backdoor

Please note: This is being updated in real-time. The intent is to make sense of lots of simultaneous discoveries

Mar 30, 2024 at 6:40pmWeb
Show threadAndreas UfertMar 30, 2024

@kerker00 https://youtu.be/jqjtNDtbDNI?si=rbAgeMhiieGVd7gc

Das ist schon echt beeindruckend gut versteckt. Meine Güte. Insofern eher erstaunlich, dass es schon nach zwei Versionen entdeckt wurde. Durch Timing-Auffälligkeiten!

malicious backdoor found in ssh libraries

YouTube