I had legitimately never heard of XZ Utils until this week. Scary the amount of stuff that relies on things nobody ever thinks about.
> Fucked up that everyone was willing to trust some rando nobody who straight up went "hey, don't check this update for malicious stuff :^)"
This was a slow bake over 3 years. It wasn't like they just PR'd a backdoor.
https://gamefaqs.gamespot.com/a/forum/5/55df5722.jpg
I thought the internet was made of tubes not Jenga blocks?!
the NSA is trying to keep everything secret.
tldr on what it can do?
> everywhere? all systems?
Anything that used xz utils which was an extremely common Linux package that linked to a lot of compiled binaries.
> This was a slow bake over 3 years. It wasn't like they just PR'd a backdoor.
I'll admit I don't really know how this stuff works, but 3 years doesn't really seem like a long time for something as big as this. I've seen pointless internet drama infiltrations cook over a period of a few years.
> Well of course. They don't want it looked at too closely or someone might find the backdoor access that they have too.
Look, this incident proves that we can't trust the modern digital infrastructure jenga tower to random internet people, we obviously have to hand it over to the US government.
I can't even pretend to understand what any of that means but it sounds like years of work was luckily discovered
oh so only Linux not windows or mac?
tldr on what it can do?
> I can't even pretend to understand what any of that means but it sounds like years of work was luckily discovered
Mr. Potato Head. Mr. Potato Head.
I create bad code.
I put bad code into digital certificate.
I attempt to make SSH connection using digital certificate and backdoor key.
xz utils runs the bad code in the certificate automatically.
> https://gamefaqs.gamespot.com/a/forum/5/55df5722.jpg
Believe it or not I've seen this comic before
this is like the code jargon version of "draw the rest of the owl"
> Believe it or not I've seen this comic before
It's xkcd
> Except in this case your photo ID has secret hypnotoad mind control and me looking at your id makes me open the register and give you all the cash and forget you were ever in the store.
that's so epic
> XZ Backdoor sounds like a Yugioh card.
XYZ Backdoor. The card with more text than the Linux kernel.
> I'm legitimately shocked no one cares about this
probably because you're a while late <_<
> probably because you're a while late <_<
I mean the article is only 3 days old and I haven't seen anyone else here talking about it. It's not breaking news but it's not exactly stale either. It also had the benefit of getting shut down before it could be used. This had the potential to be worse than the SolarWinds hack.
> It's not breaking news but it's not exactly stale either.
I guess that's true, my perspective is somewhat skewed by the sorts of people I hang around with (bunch of tech nerds). I had all my conversations related to this a week ago back when it was discovered. I think that's probably why you don't really see talk about it somewhere like here; it's sort of inscrutable to people without some tech background, and many of those who do have the tech background would be hearing about it more quickly in other channels.
> I mean the article is only 3 days old and I haven't seen anyone else here talking about it. It's not breaking news but it's not exactly stale either. It also had the benefit of getting shut down before it could be used. This had the potential to be worse than the SolarWinds hack.
The problem is how hard it is for you to explain the problem in layman's terms