all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Malicious xz backdoor reveals fragility of open source

Add to bookmarks
April 1, 2024, 9:16 p.m. | Thomas Claburn

The Register - Security www.theregister.com

This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy

Analysis  The discovery last week of a backdoor in a widely used open source compression library called xz could have been a security disaster had it not been caught by luck and atypical curiosity about latency from a Microsoft engineer.…

analysis backdoor called caught compression curiosity defense disaster discovery edge latency library malicious open source security strategy week

Visit resource

More from www.theregister.com / The Register - Security

Think tank: China's tech brands refine and define Beijing's propaganda push 24 minutes ago | www.theregister.com
australian beijing ccp china +19
REvil ransomware scum sentenced to almost 14 years inside, ordered to pay $16 million 50 minutes ago | www.theregister.com
pay prison ransomware revil +4
A million Australian pubgoers wake up to find personal info listed on leak site 3 hours ago | www.theregister.com
australian contractors find info +6
Dropbox dropped the ball on security, haemorrhaging customer and third-party info 6 hours ago | www.theregister.com
attack customer customers digital +17
Block accused of mass compliance failures that saw digi-dollars reach terrorists 6 hours ago | www.theregister.com
app back big block +19
Infosec biz boss accused of BS'ing the world about his career, anti-crime product, customers 12 hours ago | www.theregister.com
boss career ceo crime +10
US charges 16 over 'depraved' grandparent scams 14 hours ago | www.theregister.com
car charges dollars elderly +7
Qantas app glitch sees boarding passes fly to other accounts 16 hours ago | www.theregister.com
accounts airline app breach +10
Open source programming language R patches gnarly arbitrary code exec flaw 1 day, 6 hours ago | www.theregister.com
ace arbitrary code arbitrary code execution code +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;
View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya
View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia
View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States
View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote
View on infosec-jobs.com
View more jobs