Skip to main content

Who in the world is Jia Tan?


https://boehs.org/node/everything-i-know-about-the-xz-backdoor

https://changelog.com/news/88

https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and

https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/

https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor

From China? Eastern Europe? Nice graphic from twitter.

#xz #jiatan #linux #changelog

Techies vs spies: the xz backdoor debate

Diving into some of the dynamics and the interpretations of the brazen ploy to subvert the liblzma compression library.
lcamtuf (lcamtuf’s thing)
#linux #xz #jiatan #changelog

N. E. Felibata 👽 reshared this.

gunnar
gunnar  

https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27

^FAQ on the xz-utils backdoor (CVE-2024-3094)


xz-utils backdoor situation (CVE-2024-3094)

xz-utils backdoor situation (CVE-2024-3094). GitHub Gist: instantly share code, notes, and snippets.
Gist
gunnar
gunnar  

There is a remarkable comment here:

https://gynvael.coldwind.pl/?lang=en&id=782

"I can't stop thinking this is a spy agency job. I mean hackers will try to have quick return on investment, while here it is like it does not matter.
This remind me of such spyware #pegasus that use unknown security breach to provide spy service for governmental agencies."


xz/liblzma: Bash-stage Obfuscation Explained

gynvael.coldwind.pl
#pegasus