I'm doing my best to make my coverage of the xz backdoor accessible to laypeople while also providing the technical details engineers need. I'm also updating as new info becomes available. I hope it's helpful.

https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/

What we know about the xz Utils backdoor that almost infected the world

Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.

Ars Technica
@dangoodin the article still says that the backdoor allows login. But in fact it allows remote code execution.
The payload is delivered as an ssh certificate. The login will fail, but the backdoor will read the certificate and extract the payload from there.
So there is never a remote login, but code can be run.

@gunstick

Thanks for pointing that out. I just reworked and am pretty sure I explained it better this time.