XZ Backdoor: Timeline and Overview

Sources:

Comments
Author

This is especially sad for the original maintainer since they literally abused his mental health problems to get their malicious code added. Can’t imagine how Lasse is feeling right now.

dxsop
Author

Imagine you create a master plan and slowly take over a repo over 4 years to literally do one of the biggest backdoors ever created, and one guy, just testing his SSH and asking himself why his auth took 500 ms longer, destroys everything.

sodaftw
Author

I feel so bad for Lasse :(
Lasse, if you happen to read this: we love you and highly appreciate the time and effort you put into xz. Stay strong, mate!

CuriousPiti
Author

The bigger question: how many other projects have been targeted and are actively being attacked at this very moment? No chance it was just xz.

repatch
Author

The only people prepared to go to such extremes are nation states, possibly ransomware groups, but that's a bit of a stretch. The fact that this was picked up so soon and by pure curiosity is nothing short of a miracle.

Note to self. Don't forget to disable UPnP on your router.

DJ-Daz
Author

This is by far the clearest explanation of this hack I've ever heard. Thank you for making sense of this!

jimcabezola
Author

Imagine how pissed Jia Tan and his pals are. 4 years in the making, busted before the finish line.

CardinalHijack
Author

I think you should have said "hack the maintainer's computer", because they absolutely did "hack the maintainer".

agsystems
Author

All those companies making trillions of dollars over the original maintainer's work, and they won't even pay the guy a minimum wage.

yuri
Author

I live in a third-world country. I've been using Linux and open source projects for a long time. Honestly, I was thinking about donating to open source project maintainers for a long time now, and I did some, but honestly I notice the majority of Linux and open source users don't care about its maintainers at all. There is almost no reliable mechanism to support them. How can you put the blame on a guy doing all he could for a long time and for free, when many times they ask for support and either get none or get negative feedback from some dumb, useless people?

arduinoguru
Author

I always wondered who's double-checking new commits to open-source projects... seems to be no one in this case. It sounds like we got lucky with the Microsoft engineer finding this. Pretty scary.

KarlRock
Author

8:54 They almost had enough patience. They started to pressure OS maintainers to include the latest XZ stable build in their next stable release. I think the deadline just barely passed them by.

IsYitzach
Author

Bro, Lasse needs to get some MASSIVE donations to a Patreon or something, considering he has been maintaining the whole internet's compression for more than a decade without any compensation. I'm sure some money might help his mental health. Lasse, you are a goddamn superhero and you are appreciated!

mathewphoria
Author

This was really well explained, thank you!

akshaj
Author

Whenever something happens in the CyberSec world, I always look forward to your video to pull all the information together! I like to think I "keep my ear to the ground", but I didn't realize how complex the social engineering part was, with many personas on the mailing list! Very much looking forward to a follow-up video if the identity of Jia Tan is ever found (State Actor?!). Keep the videos coming!!

TornTech
Author

Absolutely utterly insane what kind of scale this attack has and what kind of effort is behind all of this. Thanks for the great video! ❤

yeet
Author

This is a great explanatory video! I showed this to someone with absolutely no knowledge about tech and they understood perfectly! Thank you :)

Draggie
Author

Great to see this video out so quickly but still so accurate and informative. Cannot begin to imagine the follow on effect if this was not discovered! People who are rude to Devs have no place on the internet, ban them all!

Sprinkles-ry
Author

I completely forgot about the editing being outsourced when I watched this. The video feels a lot more authentic and similar to the original style. Amazing, bro.

pogdressing
Author

You may not go into the exploit details, but it's the best video I've seen about this topic so far! Nice.

kipchickensout