One of the more interesting graphics I've seen regarding the XZ backdoor is a representation of Jia Tan's commits over time. Notice how the commits in question were done well outside the normal times this user committed code in the past.

Does this lend credence to the notion that somehow the Jia Tan account was hijacked? Maybe. Or maybe it just means the attackers got sloppy at the tail end of a 2-year op for unknown reasons, like they were up against a hard deadline that was tied to something happening IRL.

I'm curious what the prevailing theory is here.

I was somewhat able to follow along here, but I got lost a few times. Does this mean we think Libarchive was also messed w/ by the XZ backdoor bandits?

https://github.com/libarchive/libarchive/pull/1609

Added error text to warning when untaring with bsdtar by JiaT75 · Pull Request #1609 · libarchive/libarchive

Added the error text when printing out warning and errors in bsdtar when untaring. Previously, there were cryptic error messages when, for example in issue #1561, the user tries to untar an archive...

@briankrebs there is a coordinated libarchive review effort tracked in https://github.com/libarchive/libarchive/issues/2103
re-review commits · Issue #2103 · libarchive/libarchive

In light of the xz backdoor (https://www.cve.org/CVERecord?id=CVE-2024-3094) it seems prudent to (at least) review again commits by the same author. I believe these are the associated commits: 0f74...
