Get the latest tech news
What we know about the XZ Utils backdoor that almost infected the world — Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.
"This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library," software and cryptography engineer Filippo Valsorda said of the effort, which came frightfully close to succeeding. Andres Freund, a developer and engineer working on Microsoft’s PostgreSQL offerings, was recently troubleshooting performance problems a Debian system was experiencing with SSH, the most widely used protocol for remotely logging into devices over the Internet. In an online interview, developer and reverse engineer HD Moore confirmed the Sam James suspicion that the backdoor targeted either Debian or Red Hat distributions.
Or read this on r/technology
/cdn.vox-cdn.com/uploads/chorus_asset/file/25347127/DSCF4030_Enhanced_NR.jpg)
