Tootfinder

Opt-in global Mastodon full text search. Join the index!

@TobiasFrech@ijug.social
2024-04-09 08:38:54

This couldn't be more relevant with the #xzbackdoor being discovered just recently.
Please note there will be a panel discussion on the XZ event this evening at 18:00 in the ring arena. #javaland
Correction: this panel will take place at 18:00 CET.

Slide about project metrics.

@xtaran@chaos.social
2024-04-02 15:16:14

That escalated quickly: The #xzbackdoor caused the first domain registration: #xz

@jimcarroll@futurist.info
2024-04-02 00:34:52

I updated it so you don't have to.
#xz #xzbackdoor

@RenkeSiems@openbiblio.social
2024-03-30 08:32:38

#xzbackdoor once again makes clear what the discussions about the #CyerResilienceAct were also about: that it cannot be that #OSS is widely used commercially, but that from this use…

@andres4ny@social.ridetrans.it
2024-03-30 23:05:51

lol, the #ReproducibleBuilds people are finally having their day in the sun
(and hey good for them, they've done a lot of work to get to this place!)
#xz #XzBackdoor

> Thanks a lot for doing this verification work!

It is such an obvious application for Reproducible Builds that many
people have worked on for many years. So... I daresay, my pleasure and
honor. 🙂

@simon_lucy@mastodon.social
2024-03-29 20:27:22

The xz backdoor seems to be in all Linux distributions, and given it's in MacOS it's highly likely to be in *bsd as well.
The Good Thing is that those that need to have downgraded repositories, so just do whatever flavour of update and it will be fine.
#xzBackdoor

@marcel@waldvogel.family
2024-04-03 19:08:51

Based on their analysis of working hours, timestamps, and holidays, it seems likely "Jia Tan" worked out of Eastern Europe or Russia while doing the #xzBackdoor ⬆️.
Clever analysis by Rhea Karty and Simon Henniger.
#xz
rheaeve.substack.com/p/xz-back

@simon_lucy@mastodon.social
2024-03-30 09:39:38

I guess some responsible adult is going to get landed with the xz repo maintenance and release, of which the first act would be to get the security review done and not presume that the first commit from the suspects is actually the first commit.
Who decides?
#xz #xzBackdoor

@marcel@waldvogel.family
2024-04-02 18:41:11

Oh, btw: I was just made aware of a 4½ minute video that summarizes most of the events and has (what I greatly appreciate) some great real-world analogy for how the backdoor was installed and then detected. Enjoy!
#xz #xzBackdoor
youtube.com/watch?v=bS9em7Bg0i

@marcel@waldvogel.family
2024-04-02 05:35:24

«The holidays. All the IT departments are celebrating with their families… All the IT departments? No! A mailing list populated by indomitable open-source enthusiasts does not cease to resist the intruders.»
#xz #xzbackdoor #lzma #ssh
dnip.ch/2024/04/02/xz-open-sou