Linux got wrecked by backdoor attack

Fireship · Beginner ·🛠️ AI Tools & Apps ·2y ago

Key Takeaways

The XZ Utils compression library was backdoored by a hacker, compromising Linux distros like Debian, OpenSUSE, and Fedora, with a sophisticated attack that injected malicious code into the liblzma library, allowing the attacker to intercept and modify data, and only accessible with a secret key.

Full Transcript

over the last few days the open source world has been in panic mode a highly sophisticated and carefully planned attack affecting the XZ compression tool was shipped to production and it's compromised Linux dros like Debian CI open Susa and others thank God Temple OS is unaffected though and it's quite possibly one of the most well executed supply chain attacks of all time and give some random dude unfettered access to execute code on your machine via a secret back door this is not your everyday security vulnerability it's a Threat Level Midnight 10.0 critical issue on the cve RoR scale even higher than famous bugs like heart bleed log for shell and shell shock in today's video you'll learn exactly how the XZ back door works and the incredible story of how it was discovered by accident it is April 1st 2024 and you're watching the code report unfortunately this is not an April Fool's video If you happen to be using one of the Linux distros listed here you'll want to upgrade immediately luckily it only affects a very narrow set of dros most of which are unstable builds but that's only because this back door was discovered by pure luck early on more on that in just a second let's first take a deep dive into this back door XY utils is a tool for compressing and decompressing streams based on the lle ziv Markoff chain algorithm or lzma it contains a command line tool that's installed on most Linux dros by default which you can use right now with the XZ command but also contains an API Library called lib lzma and many other pieces of software depend on this library to implement compression one of which is sshd or secure shell demon a tool that listens to SSH connection like when you connect your local machine to the terminal on a Cloud Server and now here's where the back door comes in but keep in mind researchers are still figuring out exactly how this thing works malicious code was discovered in the tarballs of lib lzma which is the thing that most people actually install that malicious code is not present in the source code though it uses a series of obfuscations to hide the malicious code then at build time it injects a pre-built object disguised as a test file that lives in the source code it modifies specific parts of the lzma code which ultimately allows the attach ha ER to intercept and modify data that interacts with this Library researchers have also discovered that any payload sent to the back door must be signed by the attacker's private key in other words the attacker is the only one who can send a payload to the back door making it more difficult to test and monitor and the attacker went to Great Lengths to obfuscate the code like it contains no asky characters and instead has a built-in State machine to recognize important strings now because the vast majority of servers that power the internet are Linux based this back door could have been a major disaster luckily though a hero software engineer named Andre frin was using the unstable branch of Debian to Benchmark postgress he noticed something weird that most people would Overlook SSH logins were using up more CPU resources than normal initially he thought it was an issue in Debian directly but after some investigation discovered it was actually Upstream in XY utils and that's really bad because so many things depend on this tool in German his last name translates to friend which is fitting because he single-handedly helped the world avoid a multi-billion dollar disaster but who done it who's the a bad guy here at this point it's unclear the lib lzma project is maintained by Lassie Colin however the malicious tarballs are assed by giaan a contributor to the project this individual has been a trusted contributor for the last few years but clearly they've been playing the long game they spent years building up trust before trying the back door and nobody even noticed when they made their move I say they because we don't know if this is an individual or a penetration attempt from a rogue State like Russia North Korea or the United States here's a non-technical analogy imagine there's a landlord we'll call him Lassie Colin who manages a popular apartment building it's a lot of work but this young enthusiastic guy has been super helpful over the last couple years adding all sorts of upgrades and Renovations let's call him gatan he does great work but he's also been secretly installing cameras in the bathrooms which only he can access from the internet with his password now he would have gotten away with it too if it weren't for a pesky tenant named andrees who happened to notice that his electricity bill was just a little bit higher than usual he started looking behind the walls and found some unexpected wies that led right to the unauthorized cameras at this point we don't know the true identity of the hacker but whoever did this was looking to cast a very wide net and because it's protected by a secret key can only be exploited by one party XZ was a Sitting Duck because it's extremely popular while also being very boring with a single maintainer whoever's behind this is either an extremely intelligent psychopath or more likely a group of state sponsored Dimension hopping lizard people hellbent on world domination and that's why the only drro you should use is Temple OS this has been the code report thanks for watching watching and I will see you in the next one

Original Description

A popular compression library called XZ Utils was recently backdoored by a hacker which compromised Linux distros like Debian, OpenSUSE, Fedora, and Kali. Learn how the liblzma hack happened who is behind it. #programming #linux #thecodereport 💬 Chat with Me on Discord https://discord.gg/fireship 🔗 Resources Details of XZ vulnerability https://www.openwall.com/lists/oss-security/2024/03/29/4 CVE-2024-3094 https://access.redhat.com/security/cve/cve-2024-3094#cve-cvss-v3 Weird Algorithms https://youtu.be/SmyPTnlqhlk Cryptography Tutorial https://youtu.be/NuyzuNBFWxQ 🔥 Get More Content - Upgrade to PRO Upgrade at https://fireship.io/pro Use code YT25 for 25% off PRO access 🎨 My Editor Settings - Atom One Dark - vscode-icons - Fira Code Font 🔖 Topics Covered Overview of cve-2024-3094 Can Linux be hacked? Who is behind XZ backdoor attack? Home does XZ backdoor work? Worst hacking incidents of 2024 Which Linux distros were affected by XZ attack?
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from Fireship · Fireship · 0 of 60

← Previous Next →
1 Angular 4 Development and Production Environments with Firebase
Angular 4 Development and Production Environments with Firebase
Fireship
2 OAuth with Angular and Firebase Tutorial
OAuth with Angular and Firebase Tutorial
Fireship
3 Anonymous Authentication with Angular and Firebase - Lazy Registration
Anonymous Authentication with Angular and Firebase - Lazy Registration
Fireship
4 Angular Router Guards for Firebase Users
Angular Router Guards for Firebase Users
Fireship
5 Angular Firebase CRUD App with NoSQL Database Tutorial
Angular Firebase CRUD App with NoSQL Database Tutorial
Fireship
6 Upload Files from Angular to Firebase Storage
Upload Files from Angular to Firebase Storage
Fireship
7 How to Deploy an Angular App to Firebase Hosting
How to Deploy an Angular App to Firebase Hosting
Fireship
8 Sharing Data between Components in Angular
Sharing Data between Components in Angular
Fireship
9 Loading Spinners for Asynchronous Firebase Data
Loading Spinners for Asynchronous Firebase Data
Fireship
10 Angular 4 Transactional Email with Google Firebase Cloud Functions
Angular 4 Transactional Email with Google Firebase Cloud Functions
Fireship
11 Firebase Database Rules Tutorial
Firebase Database Rules Tutorial
Fireship
12 Autocomplete Search with Angular4 and Firebase
Autocomplete Search with Angular4 and Firebase
Fireship
13 Reddit Inspired Upvoting System with Angular and Firebase NoSQL
Reddit Inspired Upvoting System with Angular and Firebase NoSQL
Fireship
14 Angular Drag-and-Drop File Uploads to Firebase Storage
Angular Drag-and-Drop File Uploads to Firebase Storage
Fireship
15 Text Translation with Firebase Cloud Functions onWrite and Angular 4
Text Translation with Firebase Cloud Functions onWrite and Angular 4
Fireship
16 Custom Usernames with Firebase Authentication
Custom Usernames with Firebase Authentication
Fireship
17 Twitter-Inspired Follow Unfollow Feature with Firebase and Angular 4
Twitter-Inspired Follow Unfollow Feature with Firebase and Angular 4
Fireship
18 Simple Pagination with Firebase and Angular 4
Simple Pagination with Firebase and Angular 4
Fireship
19 How to Connect Firebase Users to their Data - 3 Methods
How to Connect Firebase Users to their Data - 3 Methods
Fireship
20 Add Toast Message Notifications to your Angular App
Add Toast Message Notifications to your Angular App
Fireship
21 Facebook-Inspired Reactions System with Angular and Firebase
Facebook-Inspired Reactions System with Angular and Firebase
Fireship
22 Learn NgModule in Angular with Examples
Learn NgModule in Angular with Examples
Fireship
23 Lazy Loading Components in Angular 4
Lazy Loading Components in Angular 4
Fireship
24 Stripe Checkout Payments with Angular and Firebase - Part 1
Stripe Checkout Payments with Angular and Firebase - Part 1
Fireship
25 Process Stripe Payments with Firebase Cloud Functions - Part 2
Process Stripe Payments with Firebase Cloud Functions - Part 2
Fireship
26 Selling Digital Content in Angular with Stripe Payments - Part 3
Selling Digital Content in Angular with Stripe Payments - Part 3
Fireship
27 Angular 4 Full Text Search with Algolia - Part 1
Angular 4 Full Text Search with Algolia - Part 1
Fireship
28 Algolia with Firebase Cloud Functions - Part 2
Algolia with Firebase Cloud Functions - Part 2
Fireship
29 Firebase Phone Authentication in Angular 4
Firebase Phone Authentication in Angular 4
Fireship
30 Top 7 RxJS Concepts for Angular Developers
Top 7 RxJS Concepts for Angular Developers
Fireship
31 Learn Angular Animations with 5 Examples
Learn Angular Animations with 5 Examples
Fireship
32 Advanced Firebase Data Filtering (Multi-Property)
Advanced Firebase Data Filtering (Multi-Property)
Fireship
33 Realtime Maps with Mapbox + Firebase + Angular
Realtime Maps with Mapbox + Firebase + Angular
Fireship
34 Angular Reactive Forms with Firebase Database Backend
Angular Reactive Forms with Firebase Database Backend
Fireship
35 Send Push Notifications in Angular with Firebase Cloud Messaging
Send Push Notifications in Angular with Firebase Cloud Messaging
Fireship
36 Top 7 Ways to Debug Angular 4 Apps
Top 7 Ways to Debug Angular 4 Apps
Fireship
37 Infinite Scroll with Angular and Firebase
Infinite Scroll with Angular and Firebase
Fireship
38 Use TypeScript with Firebase Cloud Functions
Use TypeScript with Firebase Cloud Functions
Fireship
39 Realtime Graphs and Charts with Plotly and Firebase
Realtime Graphs and Charts with Plotly and Firebase
Fireship
40 Role-Based User Permissions in Firebase
Role-Based User Permissions in Firebase
Fireship
41 User Presence System in Realtime - Online, Offline, Away
User Presence System in Realtime - Online, Offline, Away
Fireship
42 Location-based Queries with GeoFire and Angular Google Maps
Location-based Queries with GeoFire and Angular Google Maps
Fireship
43 Angular ngrx Redux Quick Start Tutorial
Angular ngrx Redux Quick Start Tutorial
Fireship
44 Angular Ngrx Effects with Firebase Database
Angular Ngrx Effects with Firebase Database
Fireship
45 Progressive Web Apps with Angular
Progressive Web Apps with Angular
Fireship
46 Angular Ngrx with Firebase Google OAuth User Authentication
Angular Ngrx with Firebase Google OAuth User Authentication
Fireship
47 RxJS Quick Start with Practical Examples
RxJS Quick Start with Practical Examples
Fireship
48 Send SMS Text Messages with Twilio and Firebase
Send SMS Text Messages with Twilio and Firebase
Fireship
49 Firebase Database Performance Profiling
Firebase Database Performance Profiling
Fireship
50 Native Desktop Apps with Angular and Electron
Native Desktop Apps with Angular and Electron
Fireship
51 Subscription Payments with Stripe, Angular, and Firebase
Subscription Payments with Stripe, Angular, and Firebase
Fireship
52 Firestore with AngularFire5 Quick Start Tutorial
Firestore with AngularFire5 Quick Start Tutorial
Fireship
53 Angular HTTP Client Quick Start Tutorial
Angular HTTP Client Quick Start Tutorial
Fireship
54 Google Sign-In with Firestore Custom User Data
Google Sign-In with Firestore Custom User Data
Fireship
55 Star Review System from Scratch with Firestore + Angular
Star Review System from Scratch with Firestore + Angular
Fireship
56 Angular Chatbot with Dialogflow (API.ai)
Angular Chatbot with Dialogflow (API.ai)
Fireship
57 Learn @ngrx/entity and Feature Modules
Learn @ngrx/entity and Feature Modules
Fireship
58 Infinite Scroll Pagination with Firestore
Infinite Scroll Pagination with Firestore
Fireship
59 Faster Firestore via Data Aggregation
Faster Firestore via Data Aggregation
Fireship
60 Contentful - CMS for Angular Progressive Web Apps
Contentful - CMS for Angular Progressive Web Apps
Fireship

The XZ Utils compression library was backdoored by a hacker, compromising Linux distros, and allowing the attacker to intercept and modify data. Learn how the attack happened and how it was discovered.

Key Takeaways
  1. Understand the XZ Utils compression library and its usage in Linux distros
  2. Learn about the backdoor attack and how it was injected into the liblzma library
  3. Discover how the attack was discovered by a software engineer and the implications of the attack
  4. Take steps to secure your Linux system, such as upgrading to the latest version and monitoring for suspicious activity
💡 The attack on XZ Utils highlights the importance of security in open-source software and the need for vigilance in monitoring for suspicious activity.

Related Reads

Up next
6 NEW Bolt.new Updates You Probably Missed
Conor Martin
Watch →