🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!

I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

@fr0gger Wait a minute, do I get this correctly, they were checking and getting info on the systems by changing some invisible characters in a file they compressed, and made a bash script out of it that included the backdoor at compile time?

Or is it really too complicated for my dumb brain?

@Bibobu @fr0gger

The complexity is easier to understand if you examine the steps in reverse order. Once you've devised a working step N you can focus on step N-1. It's an onion layer of subtleties for sure, but no individual step is exceptionally complex.