all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Security: Why the "XZ backdoor" is worrying

Add to bookmarks
April 20, 2024, 4:19 p.m. | pO0q 🦄

DEV Community dev.to

The recent attempt to compromise XZ, a library included in many Linux distributions out of the box, is worrying.





What's the point?


As far as I know, the attackers aimed to compromise the SSH daemon and ultimately expose vulnerable machines to the internet through SSH.


Any Linux machine running popular distributions, such as Ubuntu, would have been compromised:



Fortunately, it failed, but we're lucky, as the engineer who discovered the anomaly was not looking for security flaws.


Source: Openwall …

attackers backdoor box compromise daemon developer distributions expose far internet library linux linux distributions machine machines opensource point popular running security ssh threat ultimately vulnerable xz backdoor

Visit resource

More from dev.to / DEV Community

PROJECT ON AZURE AD(MICROSOFT ENTRA ID) 3 hours ago | dev.to
active directory azure azure active directory azure ad +18
Launch your SaaS faster with OneMix by SaaS King 11 hours ago | dev.to
can com demo engineer +15
Why Choose ULIDs Over Traditional UUIDs or IDs for Database Identification? 18 hours ago | dev.to
applications building custom database +16
Simplifying Keycloak Configuration with Terraform and Terragrunt 1 day, 1 hour ago | dev.to
access access management applications authentication +24
Linux安装最新版Tinyproxy 1 day, 1 hour ago | dev.to
.conf etc http install +10
Spring Boot - Redis 1 day, 3 hours ago | dev.to
application basic boot cache +22
Advancing in Web Application Security: Exploring Advanced Login Security and Cache Control 1 day, 7 hours ago | dev.to
advanced application application security cache +20
Onboarding as a Senior Engineer 1 day, 9 hours ago | dev.to
connected contribute eng engineer +9
Enhancing React Native App Security with Google reCAPTCHA v3 1 day, 10 hours ago | dev.to
abuse age android app +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens
View on infosec-jobs.com
View more jobs