Filippo Valsorda: This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library. Looks like this got caught by chance. Wonder how long it would have taken otherwise.

See full post

Filippo Valsorda filippo.abyssdomain.expert
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library. Looks like this got caught by chance. Wonder how long it would have taken otherwise.
- Filippo Valsorda filippo.abyssdomain.expert · Mar 29, 2024
  Woah. Backdoor in liblzma targeting ssh servers. www.openwall.com/lists/oss-se... It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support… Now I’m curious what it does in RSA_public_decrypt
  oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise
  
  openwall.com
Mar 29, 2024 19:29
0 reposts 0 quotes 0 likes

View on Bluesky Show all post labels

An unhandled error has occurred. Reload 🗙