Monday, April 1, 2024

What we know about the xz Utils backdoor that almost infected the world


Malware Detected Warning Screen with abstract binary code 3d digital concept

Enlarge / Malware Detected Warning Screen with abstract binary code 3d digital concept (credit: Getty Images)

On Friday, researchers revealed the discovery of a backdoor that was intentionally planted in xz Utils, an open-source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The person or people behind this project likely spent years on it. They were likely very close to seeing the backdoor update merged into Debian and Red Hat, the two biggest distributions of Linux when an eagle-eyed software developer spotted something fishy.

"This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library," software and cryptography engineer Filippo Valsorda said of the effort, which came frightfully close to succeeding.

Researchers have spent the weekend gathering clues. Here's what we know so far.

Read 22 remaining paragraphs | Comments

Reference : https://ift.tt/8Pg2s6I

No comments:

Post a Comment

ChatGPT’s success could have come sooner, says former Google AI researcher

In 2017, eight machine-learning researchers at Google released a groundbreaking research paper called Attention Is All You Need , which in...