Collaborate Disseminate
In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects. Continue reading Assessing the Y, and How, of the XZ Utils incident
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process. Continue reading XZ backdoor story – Initial analysis
The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone …read more Continue reading This Week in Security: XZ, ATT, and Letters of Marque
In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package, that could potentially compromise SSH logins on Linux …read more Continue reading Security Alert: Potential SSH Backdoor Via Liblzma