Neues Video von #Simplicissimus: „Eine Gruppe Hacker hätte sich beinahe Zugang zu Millionen von Servern auf der ganzen Welt verschafft. Doch ein deutscher Software-Entwickler hat ihnen einen Strich durch die Rechnung gemacht.“
https://www.youtube.com/watch?v=8p8PHeGg--U
Hintergrund: https://de.wikipedia.org/wiki/CVE-2024-3094
#xz #linux #opensource #quelloffen #backdoor #github #CVE20243094 #ssh
Recent searches
Search options
#cve20243094
0 posts0 participants0 posts today
Replied in thread
@jrt @ph0lk3r @hisolutions @HonkHase
Vielen Dank für den Aufschrieb. Ich hoffe, dass jemand aus dieser Vorlage einen Krimi macht.
Hättet ihr Lust, das als szenische Lesung oder (Socken-)Puppentheater beim #38c3 aufzuführen?
The xz Issue Isn’t About Open Source | The Changelog
https://changelog.complete.org/archives/10642-the-xz-issue-isnt-about-open-source
#rr #xz #cve20243094 #OpenSource
The Changelog · The xz Issue Isn’t About Open SourceYou’ve probably heard of the recent backdoor in xz. There have been a lot of takes on this, most of them boiling down to some version of: The problem here is with Open Source Software. I want…
Putting an xz Backdoor Payload in a Valid RSA Key | rya.nc
rya.nc · Putting an xz Backdoor Payload in a Valid RSA KeyLast week, a backdoor was discovered in xz-utils. The backdoor processes commands sent using RSA public keys as a covert channel. In order to prevent anyone else from using the backdoor, the threat…
Continued thread
[Announcement] "Xz/liblzma security update (post #2)" from the Ubuntu developers regarding #cve20243094
https://discourse.ubuntu.com/t/xz-liblzma-security-update-post-2/43801?u=popey
Perhaps the long con is an even longer con in which an attacker attempts to drive many #infosec people into burnouts over time by hiding malware in packages that are then discovered just before holiday weekends.
Achtung Linux Nutzer: Backdoor in XZ-Tarballs entdeckt - MichlFranken
https://www.michlfranken.de/linux-backdoor-xz-tarballs-entdeckt/
MichlFranken · Achtung Linux Nutzer: Backdoor XZ-Tarballs entdeckt - MichlFrankenTechnik-Blog für Linux, Unix, Open Source, Cloud Computing, Nachhaltigkeit und Co.
Nice! @amlw wrote a PoC exploit and a honeypot for the xz backdoor.
Put yourself in Jia Tan's shoes, the malicious contributor to the xz backdoor...
It's been, what, two... three?... years since you started this campaign. You've had the entire support of your team and of your chain of command.
Your coders created a complex and sublime backdoor. A secure! backdoor that only you and your team could connect to. Heck it can even be deleted remotely. This is clean code. A responsible hack that doesn't open up the backdoor for others to hijack.
You spend years on your long con - your social engineering skills are at the top of the game. You've ingratiated yourself painstakingly into multiple teams. Finally it all pays off and you're ready to go!
You succeed multiple times in getting your backdoor inserted in all the major Linux distributions!!! Now its just a matter of weeks before it makes it to production and stable releases!
This is the culmination of years of labor and planning and of a massive team and budget.
You did good.
This will get you promoted. Esteemed by your colleagues and leadership alike. Your spouse and kids will understsnd why you haven't been at home lately and why you've spent all those late nights at the office.
It's finally going to pay off.
But what's this?! Some rando poking around in their box running a pre-release unstable version of linux has found everything?!?! It's all being ripped down?! And on a Friday before a western holiday weekend?!?!
Fuck. Fuck. FUCK!!!
Three years for nothing!!! My wife is going to leave me! I missed my kid's recital for this!!! They'll hate me because I told them it was worth it. Daddy will be able to play with you again once Daddy finishes this last bit of work. But it was all for nothing!!!
Leadership took a big risk on me and my team but I kept assuring them it would pay off!
It would be one thing if another nation state found it and stopped it. But one random dude poking his nose where it shouldn't belong?! Ohhh fuck, I'm going to be fired. We're going to lose our budget. My team is going to be fired. I've let down everyone that ever believed in me and supported me and relied on me!
Oh fuck!!!
#JustInCase I have mirrored @thesamesam gist at https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 (the xz backdoor/exploit FAQ) locally and on https://codeberg.org/jwildeboer/gists/src/branch/main/20240401CVE20243094FAQMirror.md Will setup some sort of automatic update script later. I don't think Github will somehow interfere with this FAQ, but hey, better safe than sorry and stuff :)
This is just a FYI. Please do NOT use my manual mirror of the FAQ and bookmark ONLY the original source.
Gistxz-utils backdoor situation (CVE-2024-3094)xz-utils backdoor situation (CVE-2024-3094). GitHub Gist: instantly share code, notes, and snippets.
Hello #Forgejo admins,
We've published a post regarding the impact of the xz backdoor (CVE-2024-3094) on the Forgejo project.
https://forgejo.org/2024-03-xz/
forgejo.orgImpact of CVE-2024-3094 on Forgejo
Wünsche Euch frohe Feiertage, ohne solche faulen Eier 
Damit keine Panik ausbricht, Der #xzorcist getaufte #cve20243094 der Versionen xz 5.6.x erlaubt ssh RCE über den RSA Key 
ABER
"In stabile Debian- oder Ubuntu-Versionen hat die Hintertür es nicht geschafft, ...
Der macOS-Paketmanager Homebrew hingegen ist nicht direkt betroffen."
Termux/Gentoo Pakete bitte updaten.
Heise Medien on Mastodonheise Security (@heisec@social.heise.de)xz-Attacke: Hintertür enträtselt, weitere Details zu betroffenen Distros
Experten halten die Hintertür in liblzma für den bis dato ausgeklügeltesten Supplychain-Angriff. Er erlaubt Angreifern, aus der Ferne Kommandos einzuschleusen.
https://www.heise.de/news/xz-Attacke-Hintertuer-entraetselt-weitere-Details-zu-betroffenen-Distros-9671588.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
#Debian #Fedora #Linux #LinuxDistribution #OpenSource #Opensuse #RedHat #Security #SSH #Ubuntu #news
There's A LOT going on (analysis, discussion, vendor notices, etc...) related to the ongoing xz/liblzma compromise so I created a "link roundup" which centralizes and buckets a lot of the awesome links and threads I've seen flying around.
https://shellsharks.com/xz-compromise-link-roundup
I will *try* to keep this up-to-date (ish) for a few days while things are hot but I make no promises beyond that.
shellsharks · xz/liblzma Compromise Link RoundupLinks to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094)
Compliance Officers: „Maintainer, who does not owe me anything, I need you to fill out this form and take responsibility!“
Salespeople: „My product solves this and any other problem in cybersecurity. With a premium sub you can also end world hunger.“
LinkedIn Influencers: „The end is nigh! This time I’m sure!“
And again, it pays off that we never patch! The supply chain can't attack you if you don't use what it supplies!
Continued thread
Lasse Collin, original author of #Xz, replied on #LKML: https://lore.kernel.org/lkml/20240330144848.102a1e8c@kaneli/
"'"[…] I'm on a holiday and only happened to look at my emails and it seems to be a major mess.
My proper investigation efforts likely start in the first days of April. That is, I currently know only a few facts which alone are bad enough.
Info will be updated here: https://tukaani.org/xz-backdoor/"'"
#Homebrew has downgraded #xz from 5.6.1 to 5.4.6 in reason of #cve20243094
So perform an
brew update && brew upgrade to change your xz version.
Background https://www.openwall.com/lists/oss-security/2024/03/29/4
TR-82 - backdoor discovered in xz-utils - CVE-2024-3094
For more information including detection and information about vulnerable distribution https://www.circl.lu/pub/tr-82/
www.circl.luCIRCL » TR-82 - backdoor discovered in xz-utils - CVE-2024-3094TR-82 - backdoor discovered in xz-utils - CVE-2024-3094
Gerade meine Systeme mit dem Script
https://github.com/cyclone-github/scripts/blob/main/xz_cve-2024-3094-detect.sh
geprüft. Fazit: ein betroffenes System gefunden und auch gleich gefixt.
