xz-backdoor

<op.2lgfwvzea3w0dxdave@hodgins.homeip.net>

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: dwhodgins@nomail.afraid.org (David W. Hodgins)
Newsgroups: alt.os.linux.mageia
Subject: xz-backdoor
Date: Sat, 30 Mar 2024 12:25:33 -0400
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <op.2lgfwvzea3w0dxdave@hodgins.homeip.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 30 Mar 2024 16:37:54 +0100 (CET)
Injection-Info: dont-email.me; posting-host="653b9fe0a4065bdd89d0304484dcda61";
logging-data="1171908"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX188nZHFlsJkNiALuS7DeM2xpWw4e/+8xP8="
User-Agent: Opera Mail/12.16 (Linux)
Cancel-Lock: sha1:bWQUtpbTw25w6frX2rbjFYyWUmM=
 by: David W. Hodgins - Sat, 30 Mar 2024 16:25 UTC

https://tukaani.org/xz-backdoor/

The xz version with the backdoor never made it into Mageia. Even cauldron still
has version 5.4.6.

The backdoor was inserted into the 5.6.0 and 5.6.1 releases.

Regards, Dave Hodgins
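
A quick way to check a host against the two releases named in the post above, as an added example that is not part of the original thread. It assumes the usual two-line `xz --version` output (an `xz (XZ Utils)` line and a `liblzma` line); the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag the xz releases named in the post.
AFFECTED_VERSIONS="5.6.0 5.6.1"   # releases the post says carried the backdoor

# Print "affected" or "not-affected" for one version string.
classify_version() {
    for bad in $AFFECTED_VERSIONS; do
        if [ "$1" = "$bad" ]; then
            echo affected
            return 0
        fi
    done
    echo not-affected
}

# Read `xz --version` style text on stdin; print "component version" pairs.
extract_versions() {
    sed -n \
        -e 's/^xz (XZ Utils) \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/xz \1/p' \
        -e 's/^liblzma \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/liblzma \1/p'
}

# Print one verdict per component found in $1.
# Returns 0 = clean, 1 = an affected version is present, 2 = nothing parsed.
check_xz_output() {
    pairs=$(printf '%s\n' "$1" | extract_versions)
    if [ -z "$pairs" ]; then
        echo "unknown: no xz/liblzma version line found"
        return 2
    fi
    rc=0
    while read -r name ver; do
        verdict=$(classify_version "$ver")
        echo "$name $ver $verdict"
        if [ "$verdict" = affected ]; then rc=1; fi
    done <<EOF
$pairs
EOF
    return $rc
}

# Stand-alone use: check the xz binary on this host, if there is one.
if command -v xz >/dev/null 2>&1; then
    check_xz_output "$(xz --version 2>/dev/null)" || true
fi
```

The tool and the library are reported on separate lines, so a host is flagged if either one is 5.6.0 or 5.6.1.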

Re: xz-backdoor

<uubdnr$1o27d$1@dont-email.me>

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: daniel47@nomail.afraid.org (Daniel65)
Newsgroups: alt.os.linux.mageia
Subject: Re: xz-backdoor
Date: Sun, 31 Mar 2024 21:26:07 +1100
Organization: A noiseless patient Spider
Lines: 21
Message-ID: <uubdnr$1o27d$1@dont-email.me>
References: <op.2lgfwvzea3w0dxdave@hodgins.homeip.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 31 Mar 2024 10:26:03 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="1894a4a59270c4fd991699f6b572b439";
logging-data="1837293"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/Vm3m7Ag885YqYmtX1YyNz9ZndRlv/zXI="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
SeaMonkey/2.53.18.2
Cancel-Lock: sha1:zj5p9+qkd8gAadnZudg11xtbrGs=
In-Reply-To: <op.2lgfwvzea3w0dxdave@hodgins.homeip.net>
 by: Daniel65 - Sun, 31 Mar 2024 10:26 UTC

David W. Hodgins wrote on 31/3/24 3:25 am:
> https://tukaani.org/xz-backdoor/
>
> The xz version with the backdoor never made it into Mageia. Even
> cauldron still has version 5.4.6.
>
> The backdoor was inserted into the 5.6.0 and 5.6.1 releases.
>
> Regards, Dave Hodgins

Hmmm! How fortunate for you to post this, David.

I was just reading some of the posts on my Win7 NG and someone there had
posted that Linux was now susceptible to Viruses so I was going to ask,
here, if this WAS the case or was this just an example of Windows users
griping!!

Sure, Virii and 'back-doors' are not the same thing .... but still we
have to be careful, it seems.
--
Daniel

Re: xz-backdoor

<op.2lh6nurna3w0dxdave@hodgins.homeip.net>

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: dwhodgins@nomail.afraid.org (David W. Hodgins)
Newsgroups: alt.os.linux.mageia
Subject: Re: xz-backdoor
Date: Sun, 31 Mar 2024 11:00:56 -0400
Organization: A noiseless patient Spider
Lines: 29
Message-ID: <op.2lh6nurna3w0dxdave@hodgins.homeip.net>
References: <op.2lgfwvzea3w0dxdave@hodgins.homeip.net>
<uubdnr$1o27d$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 31 Mar 2024 15:03:22 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="d2cdf57838d94b96c1341b5af9238951";
logging-data="1957186"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19Amv1HVDND7QEZxpVf7XSpAFg3SqH82t0="
User-Agent: Opera Mail/12.16 (Linux)
Cancel-Lock: sha1:w865nfs4Q6skDSJ0VUCTXI4x1T0=
 by: David W. Hodgins - Sun, 31 Mar 2024 15:00 UTC

On Sun, 31 Mar 2024 06:26:07 -0400, Daniel65 <daniel47@nomail.afraid.org> wrote:

> David W. Hodgins wrote on 31/3/24 3:25 am:
>> https://tukaani.org/xz-backdoor/
>>
>> The xz version with the backdoor never made it into Mageia. Even
>> cauldron still has version 5.4.6.
>>
>> The backdoor was inserted into the 5.6.0 and 5.6.1 releases.
>>
>> Regards, Dave Hodgins
>
> Hmmm! How fortunate for you to post this, David.
>
> I was just reading some of the posts on my Win7 NG and someone there had
> posted that Linux was now susceptible to Viruses so I was going to ask,
> here, if this WAS the case or was this just an example of Windows users
> griping!!
>
> Sure, Virii and 'back-doors' are not the same thing .... but still we
> have to be careful, it seems.

Found an excellent write-up explaining how it was done. A chain of minor changes,
none of which look malicious by themselves, but when looked at in combination,
it becomes obvious.

https://gynvael.coldwind.pl/?lang=en&id=782

Regards, Dave Hodgins

Re: xz-backdoor

<uudg4h$2aekr$1@dont-email.me>

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: unruh@invalid.ca (William Unruh)
Newsgroups: alt.os.linux.mageia
Subject: Re: xz-backdoor
Date: Mon, 1 Apr 2024 05:19:14 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 32
Message-ID: <uudg4h$2aekr$1@dont-email.me>
References: <op.2lgfwvzea3w0dxdave@hodgins.homeip.net>
<uubdnr$1o27d$1@dont-email.me>
Injection-Date: Mon, 01 Apr 2024 05:19:14 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="c6e99ed194affa17ce8c2dee3965dfb9";
logging-data="2439835"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+FWeUWtdtX/Fyj+iP3FxBc"
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:O6fdoB6OgVAhts5SJ/+q2YGaki8=
 by: William Unruh - Mon, 1 Apr 2024 05:19 UTC

On 2024-03-31, Daniel65 <daniel47@nomail.afraid.org> wrote:
> David W. Hodgins wrote on 31/3/24 3:25 am:
>> https://tukaani.org/xz-backdoor/
>>
>> The xz version with the backdoor never made it into Mageia. Even
>> cauldron still has version 5.4.6.
>>
>> The backdoor was inserted into the 5.6.0 and 5.6.1 releases.
>>
>> Regards, Dave Hodgins
>
> Hmmm! How fortunate for you to post this, David.
>
> I was just reading some of the posts on my Win7 NG and someone there had
> posted that Linux was now susceptible to Viruses so I was going to ask,
> here, if this WAS the case or was this just an example of Windows users
> griping!!
>
> Sure, Virii and 'back-doors' are not the same thing .... but still we
> have to be careful, it seems.

Yes, they are definitely different. One is putting a deliberate bug into
the OS by infiltrating the OS team, the other is taking advantage of
bugs that got put in unintentionally. Linux has always been susceptible
to the former, Windows to the latter. But you also notice that this bug
was discovered and (hopefully) defanged by the "many eyes" phenomena--
you open the code to many eyes and one of them, by accident or design,
will notice the problem early.
And it is, we have to be observant, and willing to investigate when
something looks fishy. Being careful is useless in this case. There is
nothing that a user could have done to make themselves safe from this
bug.

Re: xz-backdoor

<uuds6r$2ctoj$3@dont-email.me>

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: daniel47@nomail.afraid.org (Daniel65)
Newsgroups: alt.os.linux.mageia
Subject: Re: xz-backdoor
Date: Mon, 1 Apr 2024 19:45:22 +1100
Organization: A noiseless patient Spider
Lines: 34
Message-ID: <uuds6r$2ctoj$3@dont-email.me>
References: <op.2lgfwvzea3w0dxdave@hodgins.homeip.net>
<uubdnr$1o27d$1@dont-email.me> <op.2lh6nurna3w0dxdave@hodgins.homeip.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 01 Apr 2024 08:45:16 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="8c1dd7a7dc3136d02f04195c45cf734a";
logging-data="2520851"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19E9P2U4Jic7YXQ5aLPgDV/A+9HUkBhmo8="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
SeaMonkey/2.53.18.2
Cancel-Lock: sha1:k8DzMO0ROnjJYHBluxkgii5MvBQ=
In-Reply-To: <op.2lh6nurna3w0dxdave@hodgins.homeip.net>
 by: Daniel65 - Mon, 1 Apr 2024 08:45 UTC

David W. Hodgins wrote on 1/4/24 2:00 am:
> On Sun, 31 Mar 2024 06:26:07 -0400, Daniel65
> <daniel47@nomail.afraid.org> wrote:
>> David W. Hodgins wrote on 31/3/24 3:25 am:
>>> https://tukaani.org/xz-backdoor/
>>>
>>> The xz version with the backdoor never made it into Mageia. Even
>>> cauldron still has version 5.4.6.
>>>
>>> The backdoor was inserted into the 5.6.0 and 5.6.1 releases.
>>>
>>> Regards, Dave Hodgins
>>
>> Hmmm! How fortunate for you to post this, David.
>>
>> I was just reading some of the posts on my Win7 NG and someone
>> there had posted that Linux was now susceptible to Viruses so I was
>> going to ask, here, if this WAS the case or was this just an
>> example of Windows users griping!!
>>
>> Sure, Virii and 'back-doors' are not the same thing .... but still
>> we have to be careful, it seems.
>
> Found an excellent write-up explaining how it was done. A chain of
> minor changes, none of which look malicious by themselves, but when
> looked at in combination, it becomes obvious.
>
> https://gynvael.coldwind.pl/?lang=en&id=782
>
> Regards, Dave Hodgins

Thank you.
--
Daniel
