There's A LOT going on (analysis, discussion, vendor notices, etc.) related to the ongoing xz/liblzma compromise, so I created a "link roundup" which centralizes and buckets a lot of the awesome links and threads I've seen flying around.

https://shellsharks.com/xz-compromise-link-roundup

I will *try* to keep this up-to-date (ish) for a few days while things are hot but I make no promises beyond that.

#cve20243094 #xz #xzbackdoor #xzorcist #supplychainattack #xz4shell #infosec #cybersecurity

xz/liblzma Compromise Link Roundup

Links to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094).

shellsharks

So cool to see the flurry of *stuff* from the greater #tech / #infosec Mastodon collective. Big shoutout and credit to these folks for sharing what they can, surely sacrificing their Friday and beyond.

@megmac @zeno @rugk @harrysintonen @landley @techsaviours @rene_mobile @himazawa @GossiTheDog @js @gynvael @cmdr_nova @kpwn @SteveBellovin @vegard @yossarian @jerry @danderson @AndresFreundTec @swelljoe @filippo @lcamtuf @eb @claudiom @Malwar3Ninja @simontsui @wdormann

@shellsharks thanks for the shoutout, Mike