Kevin Beaumont on Nostr: Another two thoughts on XZ - - sshd itself has no dependency on the XZ utils library. ...
Another two thoughts on XZ -
- sshd itself has no dependency on the XZ utils library. The streams got crossed in a way I don’t think anybody understood (except the threat actor).
- had that backdoor been performant with sshd, I don’t think anybody would have spotted it.
The way this played out opens a window of opportunity to go back and look at both issues.
Published at
2024-03-30 10:13:44Event JSON
{
"id": "5332436b98e97094a15195825e159eb9c8fa691cbe1bd8c8291e9d74e3558d91",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1711793624,
"kind": 1,
"tags": [
[
"e",
"63dc36bb06b136dea3b487ed2c77e7f755ade12082db0044f4161b4ed228fc7f",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/112184107002060669",
"activitypub"
]
],
"content": "Another two thoughts on XZ - \n\n- sshd itself has no dependency on the XZ utils library. The streams got crossed in a way I don’t think anybody understood (except the threat actor). \n\n- had that backdoor been performant with sshd, I don’t think anybody would have spotted it. \n\nThe way this played out opens a window of opportunity to go back and look at both issues.",
"sig": "46e8c7622b55fd82f6e1ced0d3b858f76b9533937270e153bb09e6dc620276025dff1fbbad6322362f8885c23ef1fbfb89b78537285b9965d86ebd613d2889cb"
}