Chris MacNaughton
@iceyec.bsky.social
Reposted by Chris MacNaughton
🚨🚨🚨🚨🚨
January 22, 2025 at 8:31 AM
Reposted by Chris MacNaughton
They really are.
January 22, 2025 at 12:30 AM
Reposted by Chris MacNaughton
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.

The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().

It's RCE, not auth bypass, and gated/unreplayable.
This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library.

Looks like this got caught by chance. Wonder how long it would have taken otherwise.
Woah. Backdoor in liblzma targeting ssh servers.

www.openwall.com/lists/oss-se...

It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…

Now I’m curious what it does in RSA_public_decrypt
March 30, 2024 at 5:13 PM