awendt/README.md

Last active April 5, 2024 09:30

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/awendt/b2701a3269a7d246856a63040808f0c8.js"></script>
Save awendt/b2701a3269a7d246856a63040808f0c8 to your computer and use it in GitHub Desktop.

Download ZIP

CVE-2024-3094

Raw

Readling list

original description on OSS Security ML: backdoor in upstream xz/liblzma leading to ssh server compromise
Ars Technica: Backdoor found in widely used Linux utility targets encrypted SSH connections
Ars Technica: What we know about the xz Utils backdoor that almost infected the world
🇩🇪 Heise: Die xz-Hintertür: Das verborgene Oster-Drama der IT
🇩🇪 Heise: xz-Attacke: Hintertür enträtselt, weitere Details zu betroffenen Distros
Wired: The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
Prelim analysis by Filippo Valsorda 🕵️ Who is Filippo Valsorda?
first activity by perpetrator in 2021: libarchive/libarchive#1609
Evan Boehs' comprehensive timeline: Everything I Know About the XZ Backdoor
- 🕵️ Who is Evan Boehs? 🤷
- page linked to by Ars Technica here and by Wired here
Brian Krebs on the 'Jia Tan' persona 🕵️ Who is Brian Krebs?
FAQ on the xz-utils backdoor (CVE-2024-3094)

alexyans commented Apr 5, 2024

and another good compilation of resources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment