Lightnews — Scholar-powered news

Afshin Tavahin

@tavahin.bsky.social

2 followers 4 following 0 posts

security analyst from Stockholm

Posts Replies Media Videos

Reposted by Afshin Tavahin

Filippo Valsorda

@filippo.abyssdomain.expert

Woah. Backdoor in liblzma targeting ssh servers.

www.openwall.com/lists/oss-se...

It has everything: malicious upstream, masterful obfuscation, detection due to performance degradation, inclusion in OpenSSH via distro patches for systemd support…

Now I’m curious what it does in RSA_public_decrypt

oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise

www.openwall.com

March 29, 2024 at 4:49 PM

Add to Home Screen

Light up
your news

Add to Home Screen

Light upyour news

Sign in to Lightnews

Sign up to start reading

Connect Bluesky

Connect with Bluesky

Light up
your news