Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://abyssdomain.expert/users/filippo/statuses/112185827553387306">Filippo Valsorda :go: (filippo@abyssdomain.expert)'s status on Sunday, 31-Mar-2024 05:44:58 JST</a><a href="https://abyssdomain.expert/@filippo" title="filippo@abyssdomain.expert"><img src="https://gnusocial.jp/avatar/60766-48-20221208223432.webp" width="48" height="48" alt="Filippo Valsorda :go:" style="position: absolute; left: 0; top: 0;">Filippo Valsorda :go:</a></section><article><p>I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.</p><p>The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().</p><p>It's RCE, not auth bypass, and gated/unreplayable.</p><p>More details in this thread: <a href="https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b" rel="nofollow noreferrer">https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2882650#notice-5727898">In conversation</a><time datetime="2024-03-31T05:44:58+09:00" title="Sunday, 31-Mar-2024 05:44:58 JST">about 8 months ago</time> <span>from <span><a href="https://abyssdomain.expert/@filippo/112185827553387306" rel="external" title="Sent from abyssdomain.expert via ActivityPub">abyssdomain.expert</a></span></span><a href="https://abyssdomain.expert/@filippo/112185827553387306">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b">Filippo Valsorda (@filippo.abyssdomain.expert)</a></h5><div></div></header><div>I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().It's RCE, not auth bypass, and gated/unreplayable.[contains quote post or other embedded content]</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Filippo Valsorda :go: (filippo@abyssdomain.expert)'s status on Sunday, 31-Mar-2024 05:44:58 JST Filippo Valsorda :go:
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
More details in this thread: https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b
In conversationabout 8 months ago from abyssdomain.expertpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Filippo Valsorda (@filippo.abyssdomain.expert)
  I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission. The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It's RCE, not auth bypass, and gated/unreplayable. [contains quote post or other embedded content]

Public

Embed Notice

HTML Code

Corresponding Notice