A Microsoft employee unintentionally discovered that SSH is a little slow! This triggered him to run a performance test, and then he realized that a guy had injected malware into the liblzma lossless compression library.
OpenSSH doesn't need xz-utils as a dependency; but distros which -unfortunately- use systemd have to patch OpenSSH to support systemd.
A long debate has started and has been going on on social media for the last 24 hours. But I want to clear up one point: when hackers are from China/North Korea/Russia/Iran, the infosec community immediately reveals this information. They "emphatically" say where they are from. On the other hand, if the hackers are not from those countries, the hackers are only `state-sponsored`! State-sponsored, but by which state? Nobody is talking about this issue.
Read the full mailing on Openwall:
https://www.openwall.com/lists/oss-security/2024/03/29/4

A very nice blog post from lcamtuf:
https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor

A nice thread on bird-site:
https://twitter.com/_ruby/status/1774073953440747664

If you are interested in state-sponsored hackers, better check my toot:
https://infosec.exchange/@bluedevil/112185519485326084