all InfoSec news
Security: Why the "XZ backdoor" is worrying
DEV Community dev.to
The recent attempt to compromise XZ, a library included in many Linux distributions out of the box, is worrying.
What's the point?
As far as I know, the attackers aimed to compromise the SSH daemon and ultimately expose vulnerable machines to the internet through SSH.
Any Linux machine running popular distributions, such as Ubuntu, would have been compromised:
Fortunately, it failed, but we're lucky, as the engineer who discovered the anomaly was not looking for security flaws.
attackers backdoor box compromise daemon developer distributions expose far internet library linux linux distributions machine machines opensource point popular running security ssh threat ultimately vulnerable xz backdoor