Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/112184532084137978">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 30-Mar-2024 21:02:43 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250105013211.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/112184107002060669" rel="in-reply-to">in reply to</a></div></section><article><p>Really good timeline of what is known to have happened so far. It looks like the rogue developer deliberately introduced a vulnerability in other package, too - I haven’t seen anybody else mention this. </p><p>Reading the dev’s GitHub history, they’ve been making changes to other open source projects too around compression. It also appears they/somebody involved has other accounts, too. </p><p><a href="https://boehs.org/node/everything-i-know-about-the-xz-backdoor" rel="nofollow noreferrer">https://boehs.org/node/everything-i-know-about-the-xz-backdoor</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2881363#notice-5725522">In conversation</a><time datetime="2024-03-30T21:02:43+09:00" title="Saturday, 30-Mar-2024 21:02:43 JST">about 10 months ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/112184532084137978" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/112184532084137978">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: boehs.org</div><h5><a href="https://boehs.org/node/everything-i-know-about-the-xz-backdoor">Everything I know about the XZ backdoor</a></h5><div> from <span>Evan Boehs</span></div></header><div>Please note: This is being updated in real time. The intent is to make sense of lots of simultaneous discoveries</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 30-Mar-2024 21:02:43 JST Kevin Beaumont
in reply to
Really good timeline of what is known to have happened so far. It looks like the rogue developer deliberately introduced a vulnerability in other package, too - I haven’t seen anybody else mention this.
Reading the dev’s GitHub history, they’ve been making changes to other open source projects too around compression. It also appears they/somebody involved has other accounts, too.
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
In conversationabout 10 months ago from cyberplace.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: boehs.org
  Everything I know about the XZ backdoor
  from Evan Boehs
  Please note: This is being updated in real time. The intent is to make sense of lots of simultaneous discoveries

Public

Embed Notice

HTML Code

Corresponding Notice