Techly NewsGet the app

Get the latest tech news

I discovered a critical exploit in ZeroMQ with mostly pure luck


Fang-Pen Lin's blog about programming

After spending more than two years gaining the trust of the original author, that person (or persona) patched the software with layers of obfuscation and batch scripts extracted from seemingly harmless testing binary files. The backdoor was discovered by a principal software engineer working for Microsoft who happened to be testing PostgreSQL performance and noticed abnormal CPU usage after updating his Linux system. I wonder how sandbox technologies such as Seccomp, landlock, and App Armor could play a role in stopping or at least making the attacks much more difficult in the future (probably not in the xz backdoor’s case).

Get the Android app

Or read this on Hacker News

Read more on:

Photo of critical exploit

critical exploit

Photo of pure luck

pure luck

Photo of ZeroMQ

ZeroMQ

« Bash's sadly flawed smart (programmable) completion
Introduction to Sentence Embeddings »