Backdoor in XZ Utils That Almost Happened

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an untenable situation, and one that is being …

attack attention backdoor backdoors catastrophe cybersecurity discovery economics of security global hacking important internet linux major malware nation nation-state attack open source security social engineering ssh state story week xz utils