Cengiz Can
@cengiz-io.bsky.social
Linux Kernel Engineer at Canonical
Those ideal conditions you are waiting for will never happen.
People over 30 quote this with some life advice for the rest of us?
January 31, 2025 at 5:22 AM
Reposted by Cengiz Can
September 6, 2024 at 4:19 PM
Reposted by Cengiz Can
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.

Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Woah. Backdoor in liblzma targeting ssh servers.

www.openwall.com/lists/oss-se...

It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…

Now I’m curious what it does in RSA_public_decrypt
March 30, 2024 at 5:13 PM
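An added example, not part of the posts above: the thread notes that the backdoor reached sshd only because distro patches for systemd support link OpenSSH against libsystemd, which in turn pulls in liblzma. The shell check below was written for this page and is not from any of the posters; it parses ldd-style output and reports whether liblzma, directly or via libsystemd, sits in an sshd binary's dependency chain. The sample ldd lines are constructed, and the `ldd` invocation and the `/usr/sbin/sshd` fallback path are assumptions about a typical Linux host.

```shell
#!/bin/sh
# Added example (not from the posts above). Check whether an sshd binary
# loads liblzma through its dynamic dependencies. The backdoor described in
# the thread hooks RSA_public_decrypt from inside liblzma, so an sshd that
# never maps liblzma cannot be reached by it this way.

# Read ldd-style output on stdin and print the libraries of interest:
# liblzma itself and libsystemd (the usual path by which sshd loads it).
# Exit status 0 if liblzma appears, 1 otherwise.
lzma_in_ldd() {
    # ldd lines look like: "	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x...)"
    found=1
    while IFS= read -r line; do
        case "$line" in
            *liblzma.so*)    echo "liblzma linked: $line"; found=0 ;;
            *libsystemd.so*) echo "libsystemd linked (pulls in liblzma on most distros): $line" ;;
        esac
    done
    return "$found"
}

# Wrapper for a live host. Assumes ldd is present; only run ldd on binaries
# you trust, since it may execute the dynamic loader against the target.
check_sshd() {
    sshd_path="${1:-$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)}"
    [ -x "$sshd_path" ] || { echo "sshd not found at $sshd_path"; return 2; }
    ldd "$sshd_path" 2>/dev/null | lzma_in_ldd
}

# Constructed sample output (not captured from a real host): a distro-patched
# sshd that links libsystemd, and an upstream-style build that does not.
SAMPLE_PATCHED='	linux-vdso.so.1 (0x00007ffd)
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f00)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f01)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f02)'
SAMPLE_UPSTREAM='	linux-vdso.so.1 (0x00007ffd)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f02)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f03)'

# Run with --demo to exercise the parser on the constructed samples,
# or with --live [path-to-sshd] to inspect the local binary.
case "${1:-}" in
    --demo)
        printf '%s\n' "$SAMPLE_PATCHED" | lzma_in_ldd && echo "patched sample: liblzma reachable"
        printf '%s\n' "$SAMPLE_UPSTREAM" | lzma_in_ldd || echo "upstream sample: liblzma not linked"
        ;;
    --live)
        check_sshd "${2:-}"
        ;;
esac
```

A clean result only says liblzma is not in the DT_NEEDED chain; it does not cover a library loaded later with dlopen, and it says nothing about whether a backdoored liblzma package is installed on the host, so pair it with a check of the installed xz-utils version.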
Reposted by Cengiz Can
🎉 #Shoutout to the incredible #openSUSE #community! Passion, collaboration & understanding of #opensource is what makes @opensuse.bsky.social thrive. Together, we help to enhance people's #digital life. www.opensuse.org
October 18, 2023 at 2:11 PM
Hello Bluesky!
October 17, 2023 at 2:58 PM