see shy jo on Nostr: Kind of glad that ssh access was a nice juicy target for the backdoored xz. Imagine ...
Kind of glad that ssh access was a nice juicy target for the backdoored xz. Imagine if it had lurked until unpacking tar.xz sources and then ran arbitrary payloads embedded in the xz files. Could have allowed targeted ongoing exploitation of builds.
Published at
2024-03-29 18:17:04Event JSON
{
"id": "10c690f5475e93617149bf7f152bde429c8fcff4466a44bc654f09193d3e61cf",
"pubkey": "38d81ebfc3bfd1ed5931f48829176a2eed648d5220545c52ff6d8cde895a9d43",
"created_at": 1711736224,
"kind": 1,
"tags": [
[
"proxy",
"https://hachyderm.io/users/joeyh/statuses/112180345201642121",
"activitypub"
]
],
"content": "Kind of glad that ssh access was a nice juicy target for the backdoored xz. Imagine if it had lurked until unpacking tar.xz sources and then ran arbitrary payloads embedded in the xz files. Could have allowed targeted ongoing exploitation of builds.",
"sig": "0730d93b1a5ebd9a31e1f00ce71ef68f7ea55afd3cfeee06960f0faf333846813cf359674f7b2d77b12a9cbc83028188f0ee0157884081c848d26856fb93fd40"
}
