Mastodon

Jordi Mon CompanysHow <a href="https://mastodon.social/tags/NixOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#NixOS</a> and reproducible builds could have detected the <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> utils (<a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a>) backdoor for the benefit of all by <a href="https://chaos.social/@luj" class="u-url mention" rel="nofollow noopener" target="_blank">@luj</a> <a href="https://luj.fr/blog/how-nixos-could-have-detected-xz.html" rel="nofollow noopener" translate="no" target="_blank">https://luj.fr/blog/how-nixos-could-have-detected-xz.html</a>

JdeBP<a href="https://fosstodon.org/@3v1n0" class="u-url mention" rel="nofollow noopener" target="_blank">@3v1n0</a> <a href="https://mastodon.social/@novaTopFlex" class="u-url mention" rel="nofollow noopener" target="_blank">@novaTopFlex</a> What code did they use instead?I know of two fairly simple implementations of the notify protocol client, which have been around for years. I'm interested in knowing whether it was either of those, a third one, or just a quick nonce implementation.<a href="https://tty0.social/tags/systemd" class="mention hashtag" rel="nofollow noopener" target="_blank">#systemd</a> <a href="https://tty0.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> <a href="https://tty0.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> <a href="https://tty0.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a><a href="https://jdebp.uk/FGA/unix-daemon-readiness-protocol-problems.html#CrippledAdoption" rel="nofollow noopener" translate="no" target="_blank">https://jdebp.uk/FGA/unix-daemon-readiness-protocol-problems.html#CrippledAdoption</a>

Christian Pietsch 🍑<a href="https://infosec.exchange/@jrt" class="u-url mention" rel="nofollow noopener" target="_blank">@jrt</a> <a href="https://geraffel.social/@ph0lk3r" class="u-url mention" rel="nofollow noopener" target="_blank">@ph0lk3r</a> <a href="https://infosec.exchange/@hisolutions" class="u-url mention" rel="nofollow noopener" target="_blank">@hisolutions</a> <a href="https://chaos.social/@HonkHase" class="u-url mention" rel="nofollow noopener" target="_blank">@HonkHase</a> Vielen Dank für den Aufschrieb. Ich hoffe, dass jemand aus dieser Vorlage einen Krimi macht.Hättet ihr Lust, das als szenische Lesung oder (Socken-)Puppentheater beim <a href="https://suma-ev.social/tags/38c3" class="mention hashtag" rel="nofollow noopener" target="_blank">#38c3</a> aufzuführen?<a href="https://suma-ev.social/tags/CVE20243094" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE20243094</a> <a href="https://suma-ev.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> <a href="https://suma-ev.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> <a href="https://suma-ev.social/tags/Hintert%C3%BCr" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hintertür</a>

Digital Human ✔Kritieke kwetsbaarheid ontdekt in xz compressiebibliotheek: cve-2024-3094 <a href="https://www.trendingtech.news/trending-news/2024/04/6421/kritieke-kwetsbaarheid-ontdekt-in-xz-compressiebibliotheek-cve-2024-3094" rel="nofollow noopener" translate="no" target="_blank">https://www.trendingtech.news/trending-news/2024/04/6421/kritieke-kwetsbaarheid-ontdekt-in-xz-compressiebibliotheek-cve-2024-3094</a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>-2024-3094 <a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> kwetsbaarheid <a href="https://mastodon.social/tags/Kritieke" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kritieke</a> xz lek <a href="https://mastodon.social/tags/Red" class="mention hashtag" rel="nofollow noopener" target="_blank">#Red</a> Hat veiligheidsadvies <a href="https://mastodon.social/tags/XZ" class="mention hashtag" rel="nofollow noopener" target="_blank">#XZ</a> beveiligingsupdate <a href="https://mastodon.social/tags/Trending" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trending</a> <a href="https://mastodon.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://mastodon.social/tags/Nieuws" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nieuws</a>

Digital Human ✔Kritieke kwetsbaarheid in xz (cve-2024-3094): een diepgaande analyse <a href="https://www.trendingtech.news/trending-news/2024/04/6154/kritieke-kwetsbaarheid-in-xz-cve-2024-3094-een-diepgaande-analyse" rel="nofollow noopener" translate="no" target="_blank">https://www.trendingtech.news/trending-news/2024/04/6154/kritieke-kwetsbaarheid-in-xz-cve-2024-3094-een-diepgaande-analyse</a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>-2024-3094 <a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> kwetsbaarheid <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> datacompressie <a href="https://mastodon.social/tags/kritieke" class="mention hashtag" rel="nofollow noopener" target="_blank">#kritieke</a> softwarekwetsbaarheid <a href="https://mastodon.social/tags/beveiligingsbeoordeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#beveiligingsbeoordeling</a> Red Hat <a href="https://mastodon.social/tags/Trending" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trending</a> <a href="https://mastodon.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://mastodon.social/tags/Nieuws" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nieuws</a>

David SandilandsHappy to see <a href="http://rubygems.org" rel="nofollow noopener" translate="no" target="_blank">http://rubygems.org</a> update <a href="https://blog.rubygems.org/2024/03/31/rubygems-and-xz.html" rel="nofollow noopener" translate="no" target="_blank">https://blog.rubygems.org/2024/03/31/rubygems-and-xz.html</a> that they have done an internal audit not just of the software used to run RubyGems.org itself, but also every gem that has ever been published. RubyGems.org is not vulnerable to this issue and no gem currently published on RubyGems.org contains the vulnerable liblzma library.<a href="https://fosstodon.org/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://fosstodon.org/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://fosstodon.org/tags/ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#ruby</a> <a href="https://fosstodon.org/tags/XZLZMA" class="mention hashtag" rel="nofollow noopener" target="_blank">#XZLZMA</a> <a href="https://fosstodon.org/tags/XZ" class="mention hashtag" rel="nofollow noopener" target="_blank">#XZ</a>

𝗣𝗠𝗝 👽also ich muss zugeben, ich bin echt fan von der art und weise wie <a href="https://social.pmj.rocks/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> / <a href="https://social.pmj.rocks/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> / <a href="https://social.pmj.rocks/tags/xzutils" class="mention hashtag" rel="nofollow noopener" target="_blank">#xzutils</a> gehackt wurde den exploit nicht in das eigentliche programm sondern in die tests zu programmieren ist echt genial

Juan LoboMe tiene loco que la backdoor en la DLL <a href="https://masto.es/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> de <a href="https://masto.es/tags/xzutils" class="mention hashtag" rel="nofollow noopener" target="_blank">#xzutils</a> la descubriera un pavo porque al conectarse por SSH la conexión tardaba un cuarto de segundo más de lo habitual. I mean, quién se fija y se da cuenta de algo así, y cómo lo relaciona con una vulnerabilidad en <a href="https://masto.es/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a>. Es de locos, me sigue dejando perplejo.Parece bastante claro que el autor es alguna agencia de inteligencia por la planificación, el nivel y los recursos. Cuentas falsas contribuyendo con código en Github durante años y ganándose reputación como contributors y la confianza del creador de XZ, y con un grado de conocimiento técnico a bajo nivel al alcance de pocos. Una verdadera operación encubierta sostenida en el tiempo, con una duración de años, para instalar una puerta trasera en equipos a nivel planetario.Viendo las características poco creíbles de la cuenta falsa principal, aparentemente china, yo me decanto por los servicios secretos rusos o estadounidenses, pero es mera especulación.<a href="https://masto.es/tags/ciberseguridad" class="mention hashtag" rel="nofollow noopener" target="_blank">#ciberseguridad</a>

Digital Human ✔Ontdekte malware in xz tarballs: impact op liblzma en veiligheidsmaatregelen <a href="https://www.trendingtech.news/trending-news/2024/04/5016/ontdekte-malware-in-xz-tarballs-impact-op-liblzma-en-veiligheidsmaatregelen" rel="nofollow noopener" translate="no" target="_blank">https://www.trendingtech.news/trending-news/2024/04/5016/ontdekte-malware-in-xz-tarballs-impact-op-liblzma-en-veiligheidsmaatregelen</a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>-2024-3094 <a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> kwetsbaarheid <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> tarballs malware <a href="https://mastodon.social/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#software</a> supply chain veiligheid <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> updates <a href="https://mastodon.social/tags/Trending" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trending</a> <a href="https://mastodon.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://mastodon.social/tags/Nieuws" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nieuws</a>

Frederic Branczyk :verified:Now I have to wonder if this bug report I did ~1 year ago could have already lead to discovering part of the attack. The linked binary is liblzma5.<a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://hachyderm.io/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> <a href="https://hachyderm.io/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> <a href="https://hachyderm.io/tags/liblzma5" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma5</a> <a href="https://github.com/golang/go/issues/59208" rel="nofollow noopener" translate="no" target="_blank">https://github.com/golang/go/issues/59208</a>

𝗣𝗠𝗝 👽um so zeugs wie bei <a href="https://social.pmj.rocks/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> / <a href="https://social.pmj.rocks/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> zu verhindern muss <a href="https://social.pmj.rocks/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> software die so tief in der supplychain verwoben ist staatlich finanziert werden bzw. proprietäre/kommerzielle software die diese libs und tools nutzen muss einen teil ihrer einnahmen zur finanzierung abliefern, die dependency lösen oder eine busse bezahlen

Neustradamus :xmpp: :linux:<a href="https://mastodon.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ubuntu</a> 24.04 Beta "<a href="https://mastodon.social/tags/NobleNumbat" class="mention hashtag" rel="nofollow noopener" target="_blank">#NobleNumbat</a>" (<a href="https://mastodon.social/tags/LTS" class="mention hashtag" rel="nofollow noopener" target="_blank">#LTS</a>) has been delayed <a href="https://mastodon.social/tags/XZ" class="mention hashtag" rel="nofollow noopener" target="_blank">#XZ</a> / <a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> (<a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> / <a href="https://mastodon.social/tags/Canonical" class="mention hashtag" rel="nofollow noopener" target="_blank">#Canonical</a> / <a href="https://mastodon.social/tags/UbuntuLTS" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuLTS</a> / <a href="https://mastodon.social/tags/UbuntuDesktop" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuDesktop</a> / <a href="https://mastodon.social/tags/UbuntuServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuServer</a> / <a href="https://mastodon.social/tags/UbuntuCloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuCloud</a> / <a href="https://mastodon.social/tags/UbuntuCore" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuCore</a> / <a href="https://mastodon.social/tags/UbuntuBase" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuBase</a> / <a href="https://mastodon.social/tags/Kubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubuntu</a> / <a href="https://mastodon.social/tags/Lubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lubuntu</a> / <a href="https://mastodon.social/tags/UbuntuBudgie" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuBudgie</a> / <a href="https://mastodon.social/tags/UbuntuKylin" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuKylin</a> / <a href="https://mastodon.social/tags/UbuntuMate" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuMate</a> / <a href="https://mastodon.social/tags/UbuntuStudio" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuStudio</a> / <a href="https://mastodon.social/tags/Xubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#Xubuntu</a> / <a href="https://mastodon.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a>) <a href="https://discourse.ubuntu.com/t/noble-numbat-beta-delayed-xz-liblzma-security-update/43827" rel="nofollow noopener" translate="no" target="_blank">https://discourse.ubuntu.com/t/noble-numbat-beta-delayed-xz-liblzma-security-update/43827</a>

Andreas ScherbaumOh, look, the <a href="https://mastodon.social/tags/OpenSSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSF</a> is placing the <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> <a href="https://mastodon.social/tags/xzutils" class="mention hashtag" rel="nofollow noopener" target="_blank">#xzutils</a> problem on the sole <a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> maintainer.Instead of "remaining vigilant" they could help directing more resources to open source projects. None of this is to be seen in the article.<a href="https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/" rel="nofollow noopener" translate="no" target="_blank">https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/</a>

Digital Human ✔Alles wat u moet weten over cve-2024-3094: een analyse van de kwetsbaarheid in xz <a href="https://www.trendingtech.news/trending-news/2024/04/4696/alles-wat-u-moet-weten-over-cve-2024-3094-een-analyse-van-de-kwetsbaarheid-in-xz" rel="nofollow noopener" translate="no" target="_blank">https://www.trendingtech.news/trending-news/2024/04/4696/alles-wat-u-moet-weten-over-cve-2024-3094-een-analyse-van-de-kwetsbaarheid-in-xz</a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>-2024-3094 <a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> kwetsbaarheid <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> tarball beveiliging <a href="https://mastodon.social/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#software</a> veiligheidsanalyse <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> bedreigingen <a href="https://mastodon.social/tags/Trending" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trending</a> <a href="https://mastodon.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://mastodon.social/tags/Nieuws" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nieuws</a>

CCC Freiburgnice demo and explanation of <a href="https://chaos.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> <a href="https://chaos.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> <a href="https://chaos.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#ssh</a> <a href="https://chaos.social/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#exploit</a> <a href="https://chaos.social/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#backdoor</a> <a href="https://chaos.social/tags/CVE20243094" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE20243094</a> <a href="https://www.youtube.com/watch?v=vV_WdTBbww4" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=vV_WdTBbww4</a>

Digital Human ✔De impact van cve-2024-3094 op xz: een gedetailleerde analyse <a href="https://www.trendingtech.news/trending-news/2024/04/4663/de-impact-van-cve-2024-3094-op-xz-een-gedetailleerde-analyse" rel="nofollow noopener" translate="no" target="_blank">https://www.trendingtech.news/trending-news/2024/04/4663/de-impact-van-cve-2024-3094-op-xz-een-gedetailleerde-analyse</a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>-2024-3094 <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> kwetsbaarheid <a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> veiligheid <a href="https://mastodon.social/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#software</a> supply chain <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> analyse <a href="https://mastodon.social/tags/Trending" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trending</a> <a href="https://mastodon.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://mastodon.social/tags/Nieuws" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nieuws</a>

René Moser (resmo) レネxz/liblzma: Bash-stage Obfuscation Explained<a href="https://mstdn.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> <a href="https://mstdn.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> <a href="https://mstdn.social/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#backdoor</a> <a href="https://gynvael.coldwind.pl/?id=782" rel="nofollow noopener" translate="no" target="_blank">https://gynvael.coldwind.pl/?id=782</a>

Lutra SecurityBackdoors (engl. für “Hintertür”) in Software sind geheime Zugänge, die von Entwicklern absichtlich eingebaut werden. Sie dienen dazu, auf ein System zuzugreifen, unter der Umgehung der üblichen Sicherheitsmaßnahmen. Beispielsweise um ein System per Fernwartung zu steuern. Diese Hintertüren können aber natürlich auch von Angreifern ausgenutzt werden, um unbefugten Zugriff auf das System und seine Daten zu erlangen.Aktuell gibt es ein gutes und sehr gefährliches Beispiel für eine Backdoor. Es handelt sich dabei scheinbar um einen lange geplanten Angriff auf die weitverbreitete Linux-Software “liblzma”.Da liblzma in vielen Linux-Versionen der Fernwartungssoftware OpenSSH verwendet wird, handelt es sich um eine besonders gefährliche Backdoor. Aufgedeckt wurde dieser Angriff nur durch Zufall, da einem Entwickler aufgefallen ist, dass der OpenSSH-Login plötzlich 500 Millisekunden länger gedauert hat.Dank ihm ist die IT-Welt gerade sehr knapp an einer IT-Sicherheitskatastrophe vorbeigeschrammt.<a href="https://infosec.exchange/tags/LutraKnows" class="mention hashtag" rel="nofollow noopener" target="_blank">#LutraKnows</a> <a href="https://infosec.exchange/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITSicherheit</a> <a href="https://infosec.exchange/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> <a href="https://infosec.exchange/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> <a href="https://infosec.exchange/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#backdoor</a>

Digital Human ✔Alles over cve-2024-3094: de achterdeur in xz-utils ontmaskerd <a href="https://www.trendingtech.news/trending-news/2024/04/4540/alles-over-cve-2024-3094-de-achterdeur-in-xz-utils-ontmaskerd" rel="nofollow noopener" translate="no" target="_blank">https://www.trendingtech.news/trending-news/2024/04/4540/alles-over-cve-2024-3094-de-achterdeur-in-xz-utils-ontmaskerd</a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>-2024-3094 <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a>-utils achterdeur <a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a> kwetsbaarheid <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> datacompressie <a href="https://mastodon.social/tags/veiligheidslek" class="mention hashtag" rel="nofollow noopener" target="_blank">#veiligheidslek</a> update <a href="https://mastodon.social/tags/Trending" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trending</a> <a href="https://mastodon.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://mastodon.social/tags/Nieuws" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nieuws</a>

Lobst3r (TWF1cm8gTS4=)Complessa, astuta ed arzigogolata: così si potrebbe definire la vulnerabilità <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>-2024-3094 sulla libreria <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> / <a href="https://mastodon.social/tags/liblzma" class="mention hashtag" rel="nofollow noopener" target="_blank">#liblzma</a>.Ho scritto un articolo dove cerco di spiegare (questa volta non proprio a parole semplici) la vulnerabilità e, stante le informazioni attualmente disponibili, il processo di attacco.Come sempre, spero che possa essere utile.<a href="https://lobsec.com/2024/04/cve-2024-3094-su-xz-utils/" rel="nofollow noopener" translate="no" target="_blank">https://lobsec.com/2024/04/cve-2024-3094-su-xz-utils/</a>

Recent searches

Search options

Administered by:

Server stats:

#liblzma