Hacker News
- The xz-utils backdoor has been removed https://github.com/tukaani-project/xz/commit/e93e13c8b3bec925c56e0c0b675d8000a0f7f754 21 comments
- OpenBSD imports xz-utils https://marc.info/?l=openbsd-cvs&m=171200100510963&w=2 3 comments
- XZ-Utils: CMake: Fix sabotaged Landlock sandbox check. https://git.tukaani.org/?p=xz.git%3Ba%3Dcommitdiff%3Bh%3Df9cf4c05edd14dedfe63833f8ccbe41b55823b00 2 comments
- FAQ on the xz-utils backdoor https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 30 comments
- Debian on xz-utils: revert to version that does not contain changes by bad actor https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024 149 comments
- Deep Dive into XZ Utils Backdoor [video] https://www.youtube.com/watch?v=Q6ovtLdSbEA 90 comments
- OpenJS: "XZ Utils Cyberattack Likely Not an Isolated Incident" https://socket.dev/blog/openjs-xz-utils-cyberattack-likely-not-an-isolated-incident 25 comments
- XZ Utils review notes https://tukaani.org/xz-backdoor/review.html 7 comments
- Backdoor in XZ Utils That Almost Happened https://www.lawfaremedia.org/article/backdoor-in-xz-utils-that-almost-happened 8 comments
- XZ Utils Attack: A Threat Actor Spent 2 Years to Implement Linux Backdoor https://www.techrepublic.com/article/xz-backdoor-linux/ 4 comments
- Who is 'Jia Tan,' the coder behind the XZ Utils Linux backdoor? https://www.theverge.com/2024/4/3/24120244/who-is-jia-tan-the-coder-behind-the-xz-utils-linux-backdoor 4 comments
- What we know about the xz Utils backdoor that almost infected the world https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ 322 comments
- XZ Utils Backdoor https://tukaani.org/xz-backdoor/ 16 comments
- Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 21 comments
Lobsters
- XZ Utils review notes https://tukaani.org/xz-backdoor/review.html 17 comments security
- The XZ Utils backdoor is a symptom of a larger problem https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/ 9 comments security
- Faster LZMA decoder for x86 CPUs (patch for XZ Utils) https://gist.github.com/ilyakurdyukov/f514418f3affd677e1ac408ec0c09188 2 comments assembly , c
- Mixed feelings after Github took down xz-utils https://www.openwall.com/lists/oss-security/2024/03/29/4 58 comments github
- Help, Pacman uninstalled xz-utils https://www.reddit.com/r/archlinux/comments/5lgsxf/help_pacman_uninstalled_xzutils/ 5 comments archlinux
- Debian (and thus Ubuntu) is still shipping with a version of XZ-utils that dates from 2012 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731634 47 comments linux
- Deep Dive into XZ Utils Backdoor [video] https://www.youtube.com/watch?v=Q6ovtLdSbEA 3 comments programming
- Deep Dive into XZ Utils Backdoor - Columbia University Lecture https://www.youtube.com/watch?v=Q6ovtLdSbEA 2 comments reverseengineering
- XZ Utils is back on GitHub and Lasse Collin has been unbanned https://github.com/tukaani-project/xz 158 comments linux
- This backdoor almost infected Linux everywhere: The XZ Utils close call https://www.zdnet.com/article/this-backdoor-almost-infected-linux-everywhere-the-xz-utils-close-call/ 3 comments technology
- On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths https://jdsalaro.com/note/xz-liblzma-linux-backdoor-foss-pitfalls-strengths/ 71 comments linux
- Performance obsessed dev caught xz Utils backdoor https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ 284 comments programming
- Are You Affected by the Backdoor in XZ Utils? https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils 185 comments linux
- XZ Utils backdoor https://tukaani.org/xz-backdoor/ 2 comments gentoo
- XZ Utils backdoor https://tukaani.org/xz-backdoor/ 271 comments linux
- What we know about the XZ Utils backdoor that almost infected the world — Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ 16 comments technology