Linux got wrecked by backdoor attack
Key Takeaways
The XZ Utils compression library was backdoored by a hacker, compromising Linux distros like Debian, OpenSUSE, and Fedora, with a sophisticated attack that injected malicious code into the liblzma library, allowing the attacker to intercept and modify data, and only accessible with a secret key.
Full Transcript
over the last few days the open source world has been in panic mode a highly sophisticated and carefully planned attack affecting the XZ compression tool was shipped to production and it's compromised Linux dros like Debian CI open Susa and others thank God Temple OS is unaffected though and it's quite possibly one of the most well executed supply chain attacks of all time and give some random dude unfettered access to execute code on your machine via a secret back door this is not your everyday security vulnerability it's a Threat Level Midnight 10.0 critical issue on the cve RoR scale even higher than famous bugs like heart bleed log for shell and shell shock in today's video you'll learn exactly how the XZ back door works and the incredible story of how it was discovered by accident it is April 1st 2024 and you're watching the code report unfortunately this is not an April Fool's video If you happen to be using one of the Linux distros listed here you'll want to upgrade immediately luckily it only affects a very narrow set of dros most of which are unstable builds but that's only because this back door was discovered by pure luck early on more on that in just a second let's first take a deep dive into this back door XY utils is a tool for compressing and decompressing streams based on the lle ziv Markoff chain algorithm or lzma it contains a command line tool that's installed on most Linux dros by default which you can use right now with the XZ command but also contains an API Library called lib lzma and many other pieces of software depend on this library to implement compression one of which is sshd or secure shell demon a tool that listens to SSH connection like when you connect your local machine to the terminal on a Cloud Server and now here's where the back door comes in but keep in mind researchers are still figuring out exactly how this thing works malicious code was discovered in the tarballs of lib lzma which is the thing that most people actually install that malicious code is not present in the source code though it uses a series of obfuscations to hide the malicious code then at build time it injects a pre-built object disguised as a test file that lives in the source code it modifies specific parts of the lzma code which ultimately allows the attach ha ER to intercept and modify data that interacts with this Library researchers have also discovered that any payload sent to the back door must be signed by the attacker's private key in other words the attacker is the only one who can send a payload to the back door making it more difficult to test and monitor and the attacker went to Great Lengths to obfuscate the code like it contains no asky characters and instead has a built-in State machine to recognize important strings now because the vast majority of servers that power the internet are Linux based this back door could have been a major disaster luckily though a hero software engineer named Andre frin was using the unstable branch of Debian to Benchmark postgress he noticed something weird that most people would Overlook SSH logins were using up more CPU resources than normal initially he thought it was an issue in Debian directly but after some investigation discovered it was actually Upstream in XY utils and that's really bad because so many things depend on this tool in German his last name translates to friend which is fitting because he single-handedly helped the world avoid a multi-billion dollar disaster but who done it who's the a bad guy here at this point it's unclear the lib lzma project is maintained by Lassie Colin however the malicious tarballs are assed by giaan a contributor to the project this individual has been a trusted contributor for the last few years but clearly they've been playing the long game they spent years building up trust before trying the back door and nobody even noticed when they made their move I say they because we don't know if this is an individual or a penetration attempt from a rogue State like Russia North Korea or the United States here's a non-technical analogy imagine there's a landlord we'll call him Lassie Colin who manages a popular apartment building it's a lot of work but this young enthusiastic guy has been super helpful over the last couple years adding all sorts of upgrades and Renovations let's call him gatan he does great work but he's also been secretly installing cameras in the bathrooms which only he can access from the internet with his password now he would have gotten away with it too if it weren't for a pesky tenant named andrees who happened to notice that his electricity bill was just a little bit higher than usual he started looking behind the walls and found some unexpected wies that led right to the unauthorized cameras at this point we don't know the true identity of the hacker but whoever did this was looking to cast a very wide net and because it's protected by a secret key can only be exploited by one party XZ was a Sitting Duck because it's extremely popular while also being very boring with a single maintainer whoever's behind this is either an extremely intelligent psychopath or more likely a group of state sponsored Dimension hopping lizard people hellbent on world domination and that's why the only drro you should use is Temple OS this has been the code report thanks for watching watching and I will see you in the next one
Original Description
A popular compression library called XZ Utils was recently backdoored by a hacker which compromised Linux distros like Debian, OpenSUSE, Fedora, and Kali. Learn how the liblzma hack happened who is behind it.
#programming #linux #thecodereport
💬 Chat with Me on Discord
https://discord.gg/fireship
🔗 Resources
Details of XZ vulnerability https://www.openwall.com/lists/oss-security/2024/03/29/4
CVE-2024-3094 https://access.redhat.com/security/cve/cve-2024-3094#cve-cvss-v3
Weird Algorithms https://youtu.be/SmyPTnlqhlk
Cryptography Tutorial https://youtu.be/NuyzuNBFWxQ
🔥 Get More Content - Upgrade to PRO
Upgrade at https://fireship.io/pro
Use code YT25 for 25% off PRO access
🎨 My Editor Settings
- Atom One Dark
- vscode-icons
- Fira Code Font
🔖 Topics Covered
Overview of cve-2024-3094
Can Linux be hacked?
Who is behind XZ backdoor attack?
Home does XZ backdoor work?
Worst hacking incidents of 2024
Which Linux distros were affected by XZ attack?
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Fireship · Fireship · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Angular 4 Development and Production Environments with Firebase
Fireship
OAuth with Angular and Firebase Tutorial
Fireship
Anonymous Authentication with Angular and Firebase - Lazy Registration
Fireship
Angular Router Guards for Firebase Users
Fireship
Angular Firebase CRUD App with NoSQL Database Tutorial
Fireship
Upload Files from Angular to Firebase Storage
Fireship
How to Deploy an Angular App to Firebase Hosting
Fireship
Sharing Data between Components in Angular
Fireship
Loading Spinners for Asynchronous Firebase Data
Fireship
Angular 4 Transactional Email with Google Firebase Cloud Functions
Fireship
Firebase Database Rules Tutorial
Fireship
Autocomplete Search with Angular4 and Firebase
Fireship
Reddit Inspired Upvoting System with Angular and Firebase NoSQL
Fireship
Angular Drag-and-Drop File Uploads to Firebase Storage
Fireship
Text Translation with Firebase Cloud Functions onWrite and Angular 4
Fireship
Custom Usernames with Firebase Authentication
Fireship
Twitter-Inspired Follow Unfollow Feature with Firebase and Angular 4
Fireship
Simple Pagination with Firebase and Angular 4
Fireship
How to Connect Firebase Users to their Data - 3 Methods
Fireship
Add Toast Message Notifications to your Angular App
Fireship
Facebook-Inspired Reactions System with Angular and Firebase
Fireship
Learn NgModule in Angular with Examples
Fireship
Lazy Loading Components in Angular 4
Fireship
Stripe Checkout Payments with Angular and Firebase - Part 1
Fireship
Process Stripe Payments with Firebase Cloud Functions - Part 2
Fireship
Selling Digital Content in Angular with Stripe Payments - Part 3
Fireship
Angular 4 Full Text Search with Algolia - Part 1
Fireship
Algolia with Firebase Cloud Functions - Part 2
Fireship
Firebase Phone Authentication in Angular 4
Fireship
Top 7 RxJS Concepts for Angular Developers
Fireship
Learn Angular Animations with 5 Examples
Fireship
Advanced Firebase Data Filtering (Multi-Property)
Fireship
Realtime Maps with Mapbox + Firebase + Angular
Fireship
Angular Reactive Forms with Firebase Database Backend
Fireship
Send Push Notifications in Angular with Firebase Cloud Messaging
Fireship
Top 7 Ways to Debug Angular 4 Apps
Fireship
Infinite Scroll with Angular and Firebase
Fireship
Use TypeScript with Firebase Cloud Functions
Fireship
Realtime Graphs and Charts with Plotly and Firebase
Fireship
Role-Based User Permissions in Firebase
Fireship
User Presence System in Realtime - Online, Offline, Away
Fireship
Location-based Queries with GeoFire and Angular Google Maps
Fireship
Angular ngrx Redux Quick Start Tutorial
Fireship
Angular Ngrx Effects with Firebase Database
Fireship
Progressive Web Apps with Angular
Fireship
Angular Ngrx with Firebase Google OAuth User Authentication
Fireship
RxJS Quick Start with Practical Examples
Fireship
Send SMS Text Messages with Twilio and Firebase
Fireship
Firebase Database Performance Profiling
Fireship
Native Desktop Apps with Angular and Electron
Fireship
Subscription Payments with Stripe, Angular, and Firebase
Fireship
Firestore with AngularFire5 Quick Start Tutorial
Fireship
Angular HTTP Client Quick Start Tutorial
Fireship
Google Sign-In with Firestore Custom User Data
Fireship
Star Review System from Scratch with Firestore + Angular
Fireship
Angular Chatbot with Dialogflow (API.ai)
Fireship
Learn @ngrx/entity and Feature Modules
Fireship
Infinite Scroll Pagination with Firestore
Fireship
Faster Firestore via Data Aggregation
Fireship
Contentful - CMS for Angular Progressive Web Apps
Fireship
More on: Security Basics
View skill →Related Reads
📰
📰
📰
📰
A Gen X entrepreneur closing their laptop at the end of a productive, shortened workday, ready to…
Medium · AI
Earning Technical Certifications in 5 Steps with AI Tools
Dev.to AI
10 AI Tools That Can Save You Hours Every Week
Medium · AI
I Built Python Tools for Small Problems — They Ended Up Saving Me Hours
Medium · Programming
🎓
Tutor Explanation
DeepCamp AI