The XZ exploit: The day the internet got lucky
Description
This week we're talking about a backdoor inserted into a popular Linux file compression tool, which had the potential to massively undermine the security of vast swathes of the internet. What happened? How did it happen? And how was it thwarted?
Links
- Andres Freund's Mastodon - where he revealed the backdoor: https://mastodon.social/@AndresFreundTec
- Read more in Ars Technica's article about it: https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
- Read more in the verge's article about it https://www.theverge.com/2024/4/2/24119342/xz-utils-linux-backdoor-attempt
- Read more in Wired's article about it https://www.wired.com/story/jia-tan-xz-backdoor/
- Check out this excellent and very helpful diagram: https://twitter.com/fr0gger_/status/1775759514249445565
- The XKCD comic we mention: https://xkcd.com/538/
United States
