#cve20243094 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cve20243094, aggregated by home.social.
-
Veritasium covers the #xz compromise. This is well done. It starts off explaining open source. It explains encryption and compression. It explains software dependencies. It explains how the back door would have worked. Good watch.
#Backdoor #Veritasium #CVE #CVE20243094
https://youtu.be/aoag03mSuXQ
-
New video from #Simplicissimus: "A group of hackers almost gained access to millions of servers around the world. But a German software developer thwarted their plans."
https://www.youtube.com/watch?v=8p8PHeGg--U
Background: https://de.wikipedia.org/wiki/CVE-2024-3094
#xz #linux #opensource #quelloffen #backdoor #github #CVE20243094 #ssh
-
#XZUtils 5.6.2 (stable) has been released (#xz / #LZMAUtils / #LZMA / #LZMA2 / #DataCompression / #CVE / #CVE20243094) https://tukaani.org/xz/
-
@jrt @ph0lk3r @hisolutions @HonkHase
Thanks a lot for the write-up. I hope someone turns this material into a thriller.
Would you be up for performing it as a staged reading or a (sock) puppet show at #38c3?
-
nice demo and explanation of #xz #liblzma #ssh #exploit #backdoor #CVE20243094
https://www.youtube.com/watch?v=vV_WdTBbww4
-
Nice! @amlw wrote a PoC exploit and a honeypot for the xz backdoor.
-
#JustInCase I have mirrored @thesamesam gist at https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 (the xz backdoor/exploit FAQ) locally and on https://codeberg.org/jwildeboer/gists/src/branch/main/20240401CVE20243094FAQMirror.md Will set up some sort of automatic update script later. I don't think GitHub will somehow interfere with this FAQ, but hey, better safe than sorry and stuff :)
This is just an FYI. Please do NOT use my manual mirror of the FAQ and bookmark ONLY the original source.
-
Warning, #XZUtils 5.6.0 has a #backdoor (#xz / #LZMAUtils / #LZMA / #LZMA2 / #DataCompression), please revert quickly! #CVE20243094 (CVE-2024-3094) https://www.openwall.com/lists/oss-security/2024/03/29/4
-
Red Hat Issues a Warning to Fedora Linux Users Related to a Critical 10-out-of-10 Vulnerability: https://www.reviewspace.info/unveiling-the-xz-supply-chain-compromise-red-hat-s-warning-to-fedora-linux-users
#RedHat #FedoraLinux #xzLibrary #SupplyChainCompromise #Cybersecurity #CVE20243094 #OpenSSH #systemd #Cybersecurity #TechnologyNews
-
The backdoor's source code ?
it was on GitHub
in a commit visible in a public repo, therefore
OpenAI might have been training ChatGPT on it *already*
or other folks training their own 'code gen' LLMs on it
"But I can just blindly trust whatever code snippet that this LLM recommends! Right? Right?!"
*cough*
-
One of today's lessons is that if each FOSS package had its own test suite for performance regressions, one might catch an odd spike in CPU/latency/memory/network that is a symptom of a backdoor or attack attempt. If it's new AND unexpected, one should dig in.
I'm the author of a FOSS Golang latency instrumentation lib designed especially to be used by perf regression tests:
https://github.com/mkramlich/LatLearn