Episode Details

Back to Episodes
The XZ exploit: The day the internet got lucky

The XZ exploit: The day the internet got lucky

Published 1 year, 9 months ago
Description

This week we're talking about a backdoor inserted into a popular Linux file compression tool, which had the potential to massively undermine the security of vast swathes of the internet. What happened? How did it happen? And how was it thwarted?


Links

- Andres Freund's Mastodon - where he revealed the backdoor: https://mastodon.social/@AndresFreundTec

- Read more in Ars Technica's article about it: https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/ - Read more in the verge's article about it https://www.theverge.com/2024/4/2/24119342/xz-utils-linux-backdoor-attempt
- Read more in Wired's article about it https://www.wired.com/story/jia-tan-xz-backdoor/ - Check out this excellent and very helpful diagram: https://twitter.com/fr0gger_/status/1775759514249445565 - The XKCD comic we mention: https://xkcd.com/538/

Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us