You are viewing a single thread.
View all comments View context
4 points
*

What was the full story again? I’m googling but I can’t find it.

permalink
report
parent
reply
20 points
*

In a nutshell, a backdoor was intentionally planted by a malicious actor in xz Utils, an open-source data compression utility widely used in Linux and other Unix-like operating systems. This discovery was made by Andres Freund, a developer and engineer working on Microsoft’s PostgreSQL offerings. He was troubleshooting performance problems on a Debian system. Specifically, SSH logins were consuming excessive CPU cycles and generating errors with Valgrind, a memory debugging tool. Through sheer luck and Freund’s careful eye, he eventually discovered that these issues were the result of updates made to xz Utils. Upon closer inspection, he found that updates to xz Utils were the result of a maliciously inserted backdoor. The backdoor, present in xz Utils versions 5.6.0 and 5.6.1, manipulated the sshd executable, allowing anyone with a predetermined encryption key to upload and execute arbitrary code on affected devices.

permalink
report
parent
reply
7 points

I expected a link to a source, but this is even better (matches with the little I remember)

Thanks!

permalink
report
parent
reply

Programmer Humor

!programmer_humor@programming.dev

Create post

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

  • Keep content in english
  • No advertisements
  • Posts must be related to programming or programmer topics

Community stats

  • 3.4K

    Monthly active users

  • 1K

    Posts

  • 38K

    Comments