SceneLog
The XZ Backdoor Story: The Undercover Operation That Set the Internet on Fire

The XZ Backdoor Story: The Undercover Operation That Set the Internet on Fire

S32 · E8 August 9, 2024

Free on SceneLog — log in or create an account to track it.

Overview

On Fri, 29 Mar 2024, at 08:51:26, OSS security received a message from Microsoft engineer Andres Freund about a backdoor in the upstream xz/liblzma library that could compromise SSH servers. A mysterious maintainer, Jia Tan, had compromised the XZ project, posing a major risk.We’ll explore who Jia Tan is, how long he’s been involved, and his potential involvement in other projects. We’ll detail how the backdoor was discovered, how it was implemented, and its technical workings. This case isn’t just about a hidden threat but also a complex puzzle, offering lessons on what went wrong and how to improve.

Comments

Be the first to comment.

Leave a comment

Your email won't be published. Comments are reviewed before they appear.