>they still can't decode the xz backdoor and what home it's phoning
it doesn't phone home moron, it hooks sshd to do
>if "muh key matches" then system("muh payload")
You're a moronic homosexual. Everything about what it does has already been documented, and what it does is allowing for other things to be done.
op confirms it's chinese
Was getting caught part of their plan?
It's to distract you from the real issue
https://en.wikipedia.org/wiki/Mamatlakala_highway_accident
Ate the victims white?
it's not china you're racist
>you're racist
Yes.
It's been patched fricktard. It was only an issue for 3 days. Calm down homosexual. It never affected Debian nor Arch users.
It's not phoning, chud. My opensnitch is silent.
did you really test the infected sshd? i wanted to make a vm+wireshark thing but got too lazy. got any pics?
There's this analysis of the install script.
https://research.swtch.com/xz-script
The same person typed up a timeline as well.
https://research.swtch.com/xz-timeline
It sounds like, due to how the RCE was implemented, it might take a while to fully analyze.
Backdoors don't phone home.
im never installing linux
>OP can't read
https://www.openwall.com/lists/oss-security/2024/03/29/4
Not OP but that was just the initial e-mail detailing the discovery of the exploit. It is a far from complete analysis and only shows that there is an exploit and it's somehow fricking with RSA ssh shit via systemd via lzma.
It's a little unclear what OP means because this doesn't phone home. It's possible OP is just moronic.
Currently the speculation is that the exploit is actually an RCE.
>Attacker disguises payload as an RSA public key and signs it with their own key.
>Uses said public key in an attempt to connect to a compromised computer
>If the compromised computer detects the attacker's signature then it extracts and executes the payload. Otherwise it reverts to regular behavior.
I guess the way this works it's difficult to build network scanners for it, so possibly this is what OP meant (but again, it's highly possible OP is moronic).
There's a lot more unknown about the code and it seems it has mechanisms for possible future updates and stuff. An extremely sophisticated attack overall.
read the fricking emails
there are links to at least two other very thorough analyses in it. check Saturday and Sunday. or just search for it
there is already a PoC what the frick are you talking about
moron stop talking
gov.il
I'm on Linux mint. I don't have to worry about any of that shit
Ironically the vulnerability was found by a Microsoft engineer.
Beautiful watching Linuxtards seethe.
It's not uncommon to have Microsoft engineers contributing to open source software.
I mean, they're Linuxtards themselves.
Because even Microsoft knows that windows is garbage for cloud. Poo in loo streetshitter.
this linuxtard who found out about the backdoor just happens to work for micro$oft
doesn't mean it's micro$oft who noticed the backdoor
cope
he noticed the backdoor not because micro$oft paid him to do that
Ok, I'll give he wasn't directed to do this. But an m$ employee found and reported the issue. idgaf about the techno tribalism, I'm just glad it was found.
>work for micro$oft
>doesn't mean it's micro$oft
No, it literally means that you copetard.
>microsoft found a backdoor they made in the first place
behead americans
THIS, for decades they shit on windblows and yet get caught with their pants down with shit stains. feels good to be mac
So as long as I downgrade to the older version, I'm fine? Is there anything I need to check?
downgrade your xz and liblzma (if liblzma is a separate package to xz in your distro)
but the actual cause is debian patching openssh to depend on libsystemd, in which libsystemd depends on liblzma
Just update, afaik everyone's already rolled out fixes for this the day it happened and anything stable wasn't affected.
just decompile it and look for yourself homosexual