Content-type: text/html Downes.ca ~ Stephen's Web ~ Backdoor found in widely used Linux utility targets encrypted SSH connections

Stephen Downes

Knowledge, Learning, Community

This is an object lesson in why organizations that use open source code should devote resources to supporting and maintaining it. Because if you don't, the actors who fill the gap may well be malicious. That's what happened here when a 'back door' was planed into XZ Utils, a widely-used set of tools used to compress software archives. The resulting code created a vulnerability in key infrastructure, used to secure critical systems such as cloud-based tools. It was caught by an engineer working at Microsoft, though in retrospect the tracks of an unknown bad actor seeding the code were there fir all to see.

Today: 3 Total: 952 [Direct link] [Share]


Stephen Downes Stephen Downes, Casselman, Canada
stephen@downes.ca

Copyright 2024
Last Updated: Dec 11, 2024 8:30 p.m.

Canadian Flag Creative Commons License.

Force:yes