BrianKrebsApr 3, 2024

One of the more interesting graphics I've seen regarding the XZ backdoor is a representation of Jia Tan's commits over time. Notice how the commits in question were done well outside the normal times this user committed code in the past.

Does this lend credence to the notion that somehow the Jia Tan account was hijacked? Maybe. Or maybe it just means the attackers got sloppy at the tail end of a 2 year op for unknown reasons, like they were up against a hard deadline that was tied to something happening IRL.

I'm curious what the prevailing theory is here.

Show threadTravis Lankow
@briankrebs https://github.com/systemd/systemd/pull/31550 likely increased pressure to get the backdoor into production distros, as that change would have impacted its usefulness. There was another proposed change IIRC that would have done similarly but I can’t find it at the moment.
Dynamically load compression libraries by teknoraver · Pull Request #31550 · systemd/systemd

Dynamically load compression libraries (LZ4, ZSTD, LZMA) so we can reduce the size of the initram images by omitting libraries which aren't really used.

GitHub
Apr 3, 2024 at 10:19pmWeb