diff --git a/index.html b/index.html
index cc3fbf5..2263997 100644
--- a/index.html
+++ b/index.html
@@ -39,6 +39,6 @@
                 (getOptions || markmap.deriveOptions)(jsonOptions),
                 root2
               );
-            })(() => window.markmap,null,{"content":"xz backdoor (2024)","children":[{"content":"known vulnerable versions","children":[{"content":"XZ Utils 5.6.0","children":[],"payload":{"lines":"5,6"}},{"content":"XZ Utils 5.6.1","children":[],"payload":{"lines":"6,8"}}],"payload":{"lines":"3,4"}},{"content":"bad actor","children":[{"content":"<span style=\"color:red\"><strong>Jia Tan</strong></span> (<a href=\"https://github.com/JiaT75\">github.com/JiaT75</a>)","children":[{"content":"<strong>infamy!</strong> managed to became co-maintainer of XZ-Utils by helping Lasse first, and eventually implanting sophisticated backdoor.","children":[],"payload":{"lines":"11,12"}},{"content":"jiat0218@gmail.com","children":[],"payload":{"lines":"12,13"}}],"payload":{"lines":"10,13"}},{"content":"<span style=\"color:red\">high likely there are more</span>","children":[],"payload":{"lines":"13,15"}}],"payload":{"lines":"8,9"}},{"content":"xz author","children":[{"content":"<strong>Lasse Collin</strong> (<a href=\"https://github.com/Larhzu\">github.com/Larhzu</a>)","children":[{"content":"<strong>please stay strong!</strong> any software maintainer could be such a victim. everyone, please show him support and empathy.","children":[],"payload":{"lines":"18,19"}}],"payload":{"lines":"17,19"}},{"content":"<a href=\"https://tukaani.org/\">The Tukaani Project</a>","children":[{"content":"repo: <a href=\"https://git.tukaani.org/?p=xz.git\">XZ Utils</a> (backdoor has been removed on 2024-04-09)","children":[],"payload":{"lines":"20,21"}},{"content":"github: <a href=\"https://github.com/tukaani-project/xz\">XZ Utils</a> (repository has been reactivated on 2024-04-09)","children":[],"payload":{"lines":"21,22"}},{"content":"page: <a href=\"https://tukaani.org/xz-backdoor/\">XZ Utils backdoor</a>","children":[],"payload":{"lines":"22,23"}},{"content":"page: <a href=\"https://tukaani.org/contact.html\">Contact information</a>","children":[],"payload":{"lines":"23,24"}}],"payload":{"lines":"19,24"}},{"content":"mail: <a href=\"https://lkml.org/lkml/2024/3/30/188\">[tech-board] [PATCH 00/11] xz: Updates to license, filters, and compression options</a> at <a href=\"https://lkml.org/\">linux-kernel ML</a> (2024-03-30)","children":[],"payload":{"lines":"24,26"}}],"payload":{"lines":"15,16"}},{"content":"discovery","children":[{"content":"by <strong>Andres Freund</strong> (<a href=\"https://mastodon.social/@AndresFreundTec\">@AndresFreundTec</a>)","children":[{"content":"<strong>props</strong> &amp; <strong>kudos!</strong> everyone, please give him a beer/coffee/drink/tea if you ever meet him!","children":[],"payload":{"lines":"29,30"}},{"content":"mail: <a href=\"https://www.openwall.com/lists/oss-security/2024/03/29/4\">backdoor in upstream xz/liblzma leading to ssh server compromise</a> at <a href=\"https://www.openwall.com/lists/oss-security/\">oss-security ML</a> (<a href=\"https://oss-security.openwall.org/wiki/mailing-lists/oss-security\">info</a>) (2024-03-29)","children":[],"payload":{"lines":"30,31"}},{"content":"toot: <a href=\"https://mastodon.social/@AndresFreundTec/112180083704606941\">I accidentally found a security issue while benchmarking postgres changes.</a> (2024-03-29)","children":[],"payload":{"lines":"31,32"}},{"content":"tweet: <a href=\"https://twitter.com/andresfreundtec/status/1774190743776866374\">FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins</a> (2024-03-30)","children":[],"payload":{"lines":"32,34"}}],"payload":{"lines":"28,34"}}],"payload":{"lines":"26,27"}},{"content":"root cause","children":[{"content":"by Russ Allbery (<a href=\"https://github.com/rra\">github.com/rra</a>)","children":[{"content":"\"The reality that we are struggling with is that the free software infrastructure on which much of computing runs is massively and painfully underfunded by society as a whole, and is almost entirely dependent on random people maintaining things in their free time because they find it fun, many of whom are close to burnout. This is, in many ways, the true root cause of this entire event.\" (<a href=\"https://lists.debian.org/debian-devel/2024/03/msg00344.html\">quote</a> from <a href=\"https://lists.debian.org/debian-devel/\">debian-devel ML</a>) (2024-03-29)","children":[],"payload":{"lines":"37,39"}}],"payload":{"lines":"36,39"}}],"payload":{"lines":"34,35"}},{"content":"CVE-2024-3094","children":[{"content":"page: <a href=\"https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094\">Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 at CISA</a> (2024-03-29)","children":[],"payload":{"lines":"41,42"}},{"content":"page: <a href=\"https://www.cve.org/CVERecord?id=CVE-2024-3094\">CVE-2024-3094 at CVE.org</a> (2024-03-29+)","children":[],"payload":{"lines":"42,43"}},{"content":"page: <a href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-3094\">CVE-2024-3094 at NVD.NIST</a> (2024-03-29+)","children":[],"payload":{"lines":"43,44"}},{"content":"page: <a href=\"https://access.redhat.com/security/cve/CVE-2024-3094\">CVE-2024-3094 at Red Hat Customer Portal</a> (2024-03-29+)","children":[],"payload":{"lines":"44,45"}},{"content":"page: <a href=\"https://security.alpinelinux.org/vuln/CVE-2024-3094\">CVE-2024-3094 at Alpine Linux Security Issue Tracker</a> (2024-03-29)","children":[],"payload":{"lines":"45,46"}},{"content":"page: <a href=\"https://security-tracker.debian.org/tracker/CVE-2024-3094\">CVE-2024-3094 at Debian Security Bug Tracker</a> (2024-03-29+)","children":[],"payload":{"lines":"46,47"}},{"content":"page: <a href=\"https://ubuntu.com/security/CVE-2024-3094\">CVE-2024-3094 at Ubuntu Security</a> (2024-03-30)","children":[],"payload":{"lines":"47,48"}},{"content":"page: <a href=\"https://security.archlinux.org/CVE-2024-3094\">CVE-2024-3094 at Arch Linux Security Tracker</a> (2024-03-29)","children":[],"payload":{"lines":"48,49"}},{"content":"page: <a href=\"https://www.suse.com/security/cve/CVE-2024-3094.html\">CVE-2024-3094 at SUSE Security Tracker</a> (2024-03-28+)","children":[],"payload":{"lines":"49,51"}}],"payload":{"lines":"39,40"}},{"content":"bugtracker","children":[{"content":"Debian","children":[{"content":"bug: <a href=\"https://bugs.debian.org/1068024\">1068024</a> <code>(CVE-2024-3094) - &gt;=app-arch/xz-utils-5.6.0: backdoor in release tarballs</code> (2024-03-29)","children":[],"payload":{"lines":"54,55"}}],"payload":{"lines":"53,55"}},{"content":"Gentoo","children":[{"content":"bug: <a href=\"https://bugs.gentoo.org/928134\">928134</a> <code>revert to version that does not contain changes by bad actor</code> (2024-03-29)","children":[],"payload":{"lines":"56,57"}}],"payload":{"lines":"55,57"}},{"content":"Red Hat","children":[{"content":"bug: <a href=\"https://bugzilla.redhat.com/2272210\">2272210</a> <code>(CVE-2024-3094) - CVE-2024-3094 xz: malicious code in distributed source</code> (2024-03-29)","children":[],"payload":{"lines":"58,59"}}],"payload":{"lines":"57,59"}},{"content":"SUSE","children":[{"content":"bug: <a href=\"https://bugzilla.suse.com/1222124\">1222124</a> <code>(CVE-2024-3094) - VUL-0: CVE-2024-3094: xz: backdoored 5.6.0,5.6.1 version</code> (2024-03-28)","children":[],"payload":{"lines":"60,61"}}],"payload":{"lines":"59,61"}},{"content":"Ubuntu","children":[{"content":"bugs: <a href=\"https://launchpad.net/bugs/cve/CVE-2024-3094\">CVE-2024-3094 in Launchpad CVE tracker</a> (2024-03-29+)","children":[],"payload":{"lines":"62,64"}}],"payload":{"lines":"61,64"}}],"payload":{"lines":"51,52"}},{"content":"advisory","children":[{"content":"Fedora","children":[{"content":"post: <a href=\"https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users\">Urgent security alert for Fedora Linux 40 and Fedora Rawhide users</a> (2024-03-29+)","children":[],"payload":{"lines":"67,68"}}],"payload":{"lines":"66,68"}},{"content":"Debian","children":[{"content":"mail: <a href=\"https://lists.debian.org/debian-security-announce/2024/msg00057.html\">[SECURITY] [DSA 5649-1] xz-utils security update</a> (2024-03-29)","children":[],"payload":{"lines":"69,70"}}],"payload":{"lines":"68,70"}},{"content":"openSUSE","children":[{"content":"post: <a href=\"https://news.opensuse.org/2024/03/29/xz-backdoor/\">openSUSE addresses supply chain attack against xz compression library</a> (2024-03-29)","children":[],"payload":{"lines":"71,72"}}],"payload":{"lines":"70,72"}},{"content":"Gentoo","children":[{"content":"page: <a href=\"https://security.gentoo.org/glsa/202403-04\">XZ utils: Backdoor in release tarballs (GLSA 202403-04)</a> (2024-03-29)","children":[],"payload":{"lines":"73,74"}}],"payload":{"lines":"72,74"}},{"content":"Kali Linux","children":[{"content":"post: <a href=\"https://www.kali.org/blog/about-the-xz-backdoor/\">All about the xz-utils backdoor</a> (2024-03-29)","children":[],"payload":{"lines":"75,76"}}],"payload":{"lines":"74,76"}},{"content":"Arch Linux","children":[{"content":"post: <a href=\"https://archlinux.org/news/the-xz-package-has-been-backdoored/\">The xz package has been backdoored</a> (2024-03-29)","children":[],"payload":{"lines":"77,78"}},{"content":"page: <a href=\"https://security.archlinux.org/ASA-202403-1\">[ASA-202403-1] xz: arbitrary code execution</a> (2024-03-29)","children":[],"payload":{"lines":"78,79"}}],"payload":{"lines":"76,79"}},{"content":"Alpine Linux","children":[{"content":"post: <a href=\"https://alpinelinux.org/posts/XZ-backdoor-CVE-2024-3094.html\">Backdoor found in xz package source</a> (2024-03-31)","children":[],"payload":{"lines":"80,81"}}],"payload":{"lines":"79,81"}},{"content":"Amazon Linux","children":[{"content":"post: <a href=\"https://aws.amazon.com/security/security-bulletins/AWS-2024-002/\">CVE-2024-3094</a> (2024-03-29)","children":[],"payload":{"lines":"82,83"}}],"payload":{"lines":"81,83"}},{"content":"NixOS","children":[{"content":"post: <a href=\"https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405\">CVE-2024-3094: Malicious code in xz 5.6.0 and 5.6.1 tarballs</a> (2024-03-29+)","children":[],"payload":{"lines":"84,85"}}],"payload":{"lines":"83,85"}},{"content":"FreeBSD","children":[{"content":"mail: <a href=\"https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html\">Disclosed backdoor in xz releases - FreeBSD not affected</a> (2024-03-29)","children":[],"payload":{"lines":"86,87"}}],"payload":{"lines":"85,87"}},{"content":"NetBSD","children":[{"content":"post: <a href=\"https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz\">Statement on backdoor in xz library</a> (2024-03-30)","children":[],"payload":{"lines":"88,89"}}],"payload":{"lines":"87,89"}},{"content":"GitHub","children":[{"content":"page: <a href=\"https://github.com/advisories/GHSA-rxwq-x6h5-x525\">Malicious code was discovered in the upstream tarballs of... (GHSA-rxwq-x6h5-x525)</a> (2024-03-29)","children":[],"payload":{"lines":"90,91"}}],"payload":{"lines":"89,91"}},{"content":"CERT-EU","children":[{"content":"post: <a href=\"https://cert.europa.eu/publications/security-advisories/2024-032/\">Critical Vulnerability in XZ Utils</a> (2023-03-29+)","children":[],"payload":{"lines":"92,94"}}],"payload":{"lines":"91,94"}}],"payload":{"lines":"64,65"}},{"content":"analysis","children":[{"content":"by Merav Bar, Amitai Cohen (<a href=\"https://infosec.exchange/@AmitaiCo\">@AmitaiCo</a>), Danielle Aminov (<a href=\"https://mastodon.social/@danielleaminov\">@danielleaminov</a>)","children":[{"content":"post: <a href=\"https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils\">Backdoor in XZ Utils allows RCE: everything you need to know</a> (2024-03-29++)","children":[],"payload":{"lines":"97,98"}}],"payload":{"lines":"96,98"}},{"content":"by nugxperience (<a href=\"https://twitter.com/nugxperience\">@nugxperience</a>)","children":[{"content":"tweet: <a href=\"https://twitter.com/nugxperience/status/1773906926503591970\">The AWK portion of the #xz #backdoor decoding script is implementing a modified RC4 algorithm.</a> (2024-03-30)","children":[],"payload":{"lines":"99,100"}}],"payload":{"lines":"98,100"}},{"content":"by alden (<a href=\"https://twitter.com/birchb0y\">@birchb0y</a>)","children":[{"content":"github: <a href=\"https://github.com/ald3ns/xz-backdoor-github-analysis\">XZ Backdoor Github Analysis - Jupyter Notebook to graph a users commit history over time</a> (2024-03-30)","children":[],"payload":{"lines":"101,102"}},{"content":"tweet: <a href=\"https://twitter.com/birchb0y/status/1773871381890924872\">If you plot Jai Tan's commit history over time, the cluster of offending commits occurs at an unusual time compared to rest of their activity.</a> (2024-03-30)","children":[],"payload":{"lines":"102,103"}}],"payload":{"lines":"100,103"}},{"content":"by Gynvael Coldwind (<a href=\"https://infosec.exchange/@gynvael\">@gynvael</a>)","children":[{"content":"post: <a href=\"https://gynvael.coldwind.pl/?lang=en&amp;id=782\">xz/liblzma: Bash-stage Obfuscation Explained</a> (2024-03-30)","children":[],"payload":{"lines":"104,105"}},{"content":"toot: <a href=\"https://infosec.exchange/@gynvael/112186403234118116\">Some notes from analyzing the bash part obfuscation of the xz/liblzma part</a> (2024-03-30)","children":[],"payload":{"lines":"105,106"}}],"payload":{"lines":"103,106"}},{"content":"by Serge Bazanski  (<a href=\"https://social.hackerspace.pl/@q3k\">@q3k</a>)","children":[{"content":"gist: <a href=\"https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01\">liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)</a> (2024-03-30)","children":[],"payload":{"lines":"107,108"}},{"content":"toot: <a href=\"https://social.hackerspace.pl/@q3k/112184695043115759\">List of encoded strings within the liblzma/xz backdoor payload (5.6.1)</a> (2024-03-30)","children":[],"payload":{"lines":"108,109"}}],"payload":{"lines":"106,109"}},{"content":"by Stefano Moioli (<a href=\"https://github.com/smx-smx\">github.com/smx-smx</a>)","children":[{"content":"gist: <a href=\"https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504\">[WIP] XZ Backdoor Analysis and symbol mapping</a> (2024-03-30+)","children":[],"payload":{"lines":"110,111"}},{"content":"github: <a href=\"https://github.com/smx-smx/xzre\">xzre - Reverse engineering of the XZ backdoor</a> (2024-04-02+)","children":[],"payload":{"lines":"111,112"}},{"content":"page: <a href=\"https://smx-smx.github.io/xzre/\">xzre Documentation generated by Doxygen</a> (2024-04-04+)","children":[],"payload":{"lines":"112,113"}}],"payload":{"lines":"109,113"}},{"content":"by Rhea Karty and Simon Henniger","children":[{"content":"post: <a href=\"https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and\">XZ Backdoor: Times, damned times, and scams</a> (2024-03-30)","children":[],"payload":{"lines":"114,115"}}],"payload":{"lines":"113,115"}},{"content":"by Connor Tumbleson (<a href=\"https://infosec.exchange/@iBotPeaches\">@iBotPeaches</a>)","children":[{"content":"post: <a href=\"https://connortumbleson.com/2024/03/31/watching-xz-unfold-from-afar/\">Watching xz unfold from afar</a> (2024-03-30+)","children":[],"payload":{"lines":"116,117"}}],"payload":{"lines":"115,117"}},{"content":"by Jonathan Schleifer (<a href=\"https://ap.nil.im/js\">@js</a>)","children":[{"content":"wiki: <a href=\"https://github.com/Midar/xz-backdoor-documentation/wiki\">xz-backdoor-documentation</a> (2024-03-30+)","children":[],"payload":{"lines":"118,119"}},{"content":"toot: <a href=\"https://ap.nil.im/notice/AgOBVh5Tq1IjfawZvM\">I started a writeup of what I found so far about the #xz backdoor</a> (2024-03-30)","children":[],"payload":{"lines":"119,120"}}],"payload":{"lines":"117,120"}},{"content":"by Michael Karcher (<a href=\"https://github.com/karcherm\">github.com/karcherm</a>)","children":[{"content":"github: <a href=\"https://github.com/karcherm/xz-malware\">xz-malware - Stuff discovered while analyzing the malware hidden in xz-utils 5.6.0 and 5.6.1</a> (2024-03-31+)","children":[],"payload":{"lines":"121,122"}}],"payload":{"lines":"120,122"}},{"content":"by Anthony Weems (<a href=\"https://infosec.exchange/@amlw\">@amlw</a>)","children":[{"content":"github: <a href=\"https://github.com/amlweems/xzbot\">xzbot - notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)</a> (2024-04-01)","children":[],"payload":{"lines":"123,124"}},{"content":"tweet: <a href=\"https://twitter.com/amlweems/status/1774819428208689241\">I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE</a> (2024-04-01)","children":[],"payload":{"lines":"124,125"}}],"payload":{"lines":"122,125"}},{"content":"by Peter Geissler (<a href=\"https://infosec.exchange/@blasty\">@blasty</a>)","children":[{"content":"tweet: <a href=\"https://twitter.com/bl4sty/status/1776691497506623562\">the xz sshd backdoor rabbithole goes quite a bit deeper.</a> (2024-04-06)","children":[],"payload":{"lines":"126,127"}},{"content":"thread: <a href=\"https://threadreaderapp.com/thread/1776691497506623562.html\">the xz sshd backdoor rabbithole goes quite a bit deeper.</a> (2024-04-06)","children":[],"payload":{"lines":"127,128"}},{"content":"github: <a href=\"https://github.com/blasty/JiaTansSSHAgent\">Jia Tan's SSH Agent - Simple SSH Agent that implements some of the XZ sshd backdoor functionality.</a> (2024-04-08)","children":[],"payload":{"lines":"128,130"}}],"payload":{"lines":"125,130"}}],"payload":{"lines":"94,95"}},{"content":"distillation","children":[{"content":"by Sam James (<a href=\"https://social.treehouse.systems/@thesamesam\">@thesamesam</a>)","children":[{"content":"gist: <a href=\"https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27\">FAQ on the xz-utils backdoor (CVE-2024-3094)</a> (2024-03-29+)","children":[],"payload":{"lines":"133,134"}},{"content":"toot: <a href=\"https://social.treehouse.systems/@thesamesam/112193966262726793\">Since the #xz incident started, I've been maintaining an FAQ/living document on what we know</a> (2024-04-01)","children":[],"payload":{"lines":"134,135"}}],"payload":{"lines":"132,135"}},{"content":"by Evan Boehs (<a href=\"https://social.coop/@eb\">@eb</a>)","children":[{"content":"post: <a href=\"https://boehs.org/node/everything-i-know-about-the-xz-backdoor\">Everything I Know About the XZ Backdoor</a> (2024-03-29+)","children":[],"payload":{"lines":"136,137"}},{"content":"toot: <a href=\"https://social.coop/@eb/112180540086255196\">I have begun a post explaining this situation in a more detailed writeup.</a> (2024-03-29)","children":[],"payload":{"lines":"137,138"}}],"payload":{"lines":"135,138"}},{"content":"by Russ Cox (<a href=\"https://hachyderm.io/@rsc\">@rsc</a>)","children":[{"content":"post: <a href=\"https://research.swtch.com/xz-timeline\">Timeline of the xz open source attack</a> (2024-04-01+)","children":[],"payload":{"lines":"139,140"}},{"content":"toot: <a href=\"https://hachyderm.io/@rsc/112199506755478946\">I put together a timeline of the xz attack, dating back to 2021.</a> (2024-04-02)","children":[],"payload":{"lines":"140,141"}},{"content":"post: <a href=\"https://research.swtch.com/xz-script\">The xz attack shell script</a> (2024-04-02)","children":[],"payload":{"lines":"141,142"}},{"content":"toot: <a href=\"https://hachyderm.io/@rsc/112200603337903320\">A walkthrough of the xz attack shell script.</a> (2024-04-02)","children":[],"payload":{"lines":"142,143"}}],"payload":{"lines":"138,143"}},{"content":"by Filippo Valsorda (<a href=\"https://mastodon.social/@filippo@abyssdomain.expert\">@filippo</a>)","children":[{"content":"toot: <a href=\"https://mastodon.social/@filippo@abyssdomain.expert/112185827535824541\">I'm watching some folks reverse engineer the xz backdoor, sharing some <em>preliminary</em> analysis with permission.</a> (2024-03-30)","children":[],"payload":{"lines":"144,145"}}],"payload":{"lines":"143,145"}},{"content":"by Dan Goodin (<a href=\"https://infosec.exchange/@dangoodin\">@dangoodin</a>)","children":[{"content":"post: <a href=\"https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/\">What we know about the xz Utils backdoor that almost infected the world</a> (2024-04-01)","children":[],"payload":{"lines":"146,147"}}],"payload":{"lines":"145,147"}},{"content":"by Daroc Alden (<a href=\"https://twitter.com/setupminimal\">@setupminimal</a>)","children":[{"content":"post: <a href=\"https://lwn.net/Articles/967192/\">How the XZ backdoor works</a> (2024-04-02+)","children":[],"payload":{"lines":"148,149"}}],"payload":{"lines":"147,149"}},{"content":"by Low Level Learning (<a href=\"https://twitter.com/@LowLevelTweets\">@LowLevelTweets</a>)","children":[{"content":"video: <a href=\"https://www.youtube.com/watch?v=vV_WdTBbww4\">revealing the features of the XZ backdoor</a> based on xzbot (2024-04-03)","children":[],"payload":{"lines":"150,151"}}],"payload":{"lines":"149,151"}},{"content":"by Christian Weisgerber (naddy)","children":[{"content":"mail: <a href=\"https://marc.info/?l=openbsd-misc&amp;m=171227941117852\">lcamtuf on the recent xz debacle</a> (2024-04-05)","children":[],"payload":{"lines":"152,154"}}],"payload":{"lines":"151,154"}}],"payload":{"lines":"130,131"}},{"content":"infographic","children":[{"content":"by Danielle Aminov (<a href=\"https://mastodon.social/@danielleaminov\">@danielleaminov</a>)","children":[{"content":"image: <a href=\"https://www.datocms-assets.com/75231/1711898124-liblzma_flow_w_logo-1.png\">liblzma_flow_w_logo-1.png</a> used in Wiz post (2024-03-31)","children":[],"payload":{"lines":"157,158"}},{"content":"toot: <a href=\"https://mastodon.social/@danielleaminov/112200745031488946\">I've been looking into how the xz backdoor works and drew this sketch to make it easier to understand.</a> (2024-04-02)","children":[],"payload":{"lines":"158,159"}}],"payload":{"lines":"156,159"}},{"content":"by Thomas Roccia (<a href=\"https://infosec.exchange/@fr0gger\">@fr0gger</a>)","children":[{"content":"toot: <a href=\"https://infosec.exchange/@fr0gger/112189232773640259\">I tried to make sense of the analysis in a single page (which was quite complicated)!</a> Part 1 w/ LQ img (2024-03-31)","children":[],"payload":{"lines":"160,161"}},{"content":"tweet: <a href=\"https://twitter.com/fr0gger_/status/1774342248437813525\">I tried to make sense of the analysis in a single page (which was quite complicated)!</a> Part 1 w/ HQ img (2024-03-31)","children":[],"payload":{"lines":"161,162"}},{"content":"toot: <a href=\"https://infosec.exchange/@fr0gger/112211836264840207\">I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview.</a> Part 2 w/ LQ img (2024-04-04)","children":[],"payload":{"lines":"162,163"}},{"content":"tweet: <a href=\"https://twitter.com/fr0gger_/status/1775759514249445565\">I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview.</a> Part 2 w/ HQ img (2024-04-04)","children":[],"payload":{"lines":"163,164"}}],"payload":{"lines":"159,164"}},{"content":"by ACE Responder (<a href=\"https://twitter.com/ACEResponder\">@ACEResponder</a>)","children":[{"content":"tweet: <a href=\"https://twitter.com/ACEResponder/status/1776749649266692420\">How the #XZUtils SSHD backdoor works.</a> animation based on xzbot (2024-04-07)","children":[],"payload":{"lines":"165,167"}}],"payload":{"lines":"164,167"}}],"payload":{"lines":"154,155"}},{"content":"detection","children":[{"content":"by Vegard Nossum (<a href=\"https://mastodon.social/@vegard\">@vegard</a>)","children":[{"content":"file: <a href=\"https://www.openwall.com/lists/oss-security/2024/03/29/4/3\">detect.sh</a> (warning: uses ldd which is <a href=\"https://dwheeler.com/program-library/Program-Library-HOWTO/x36.html\">unsafe unless you trust its target</a>) (2024-03-29)","children":[],"payload":{"lines":"170,171"}},{"content":"toot: <a href=\"https://mastodon.social/@vegard/112179869758119960\">Upstream backdoor discovered in xz-utils/liblzma</a> (2024-03-29)","children":[],"payload":{"lines":"171,172"}}],"payload":{"lines":"169,172"}},{"content":"by Binarly (<a href=\"https://twitter.com/binarly_io\">@binarly_io</a>)","children":[{"content":"page: <a href=\"https://xz.fail/\">xz.fail - Binarly XZ backdoor detector</a> (2024-04-01)","children":[],"payload":{"lines":"173,174"}},{"content":"post: <a href=\"https://www.binarly.io/blog/xz-utils-supply-chain-puzzle-binarly-ships-free-scanner-for-cve-2024-3094-backdoor\">XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor</a> (2024-04-01)","children":[],"payload":{"lines":"174,176"}}],"payload":{"lines":"172,176"}}],"payload":{"lines":"167,168"}},{"content":"countermeasure","children":[{"content":"by Hank Leininger (<a href=\"https://github.com/hlein\">github.com/hlein</a>)","children":[{"content":"github: <a href=\"https://github.com/hlein/distro-backdoor-scanner\">distro-backdoor-scanner - tools to scan OS distributions for backdoor indicators</a> (2024-04-01+)","children":[],"payload":{"lines":"179,181"}}],"payload":{"lines":"178,181"}}],"payload":{"lines":"176,177"}},{"content":"comments","children":[{"content":"<p data-lines=\"183,184\">by Jonathan Corbet (<a href=\"https://social.kernel.org/users/corbet\">@corbet</a>)</p>","children":[{"content":"toot: <a href=\"https://social.kernel.org/notice/AgM1lT6HeBpodOubEe\">Random, unordered, probably useless thoughts on today's apocalypxze...</a> (2024-03-29)","children":[],"payload":{"lines":"184,185"}},{"content":"post: <a href=\"https://lwn.net/Articles/967866/\">Free software's not-so-eXZellent adventure</a> (2024-04-02)","children":[],"payload":{"lines":"185,186"}}],"payload":{"lines":"183,186"}},{"content":"<p data-lines=\"186,187\">by Michał Zelewski (<a href=\"https://infosec.exchange/@lcamtuf\">@lcamtuf</a>)</p>","children":[{"content":"post: <a href=\"https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor\">Techies vs spies: the xz backdoor debate</a> (2024-03-30)","children":[],"payload":{"lines":"187,188"}},{"content":"toot: <a href=\"https://infosec.exchange/@lcamtuf/112182346314363746\">OK, so here's my slightly more eloquent take on the xz thing, complete with a zinger closing paragraph</a> (2024-03-30)","children":[],"payload":{"lines":"188,189"}},{"content":"post: <a href=\"https://lcamtuf.substack.com/p/oss-backdoors-the-allure-of-the-easy\">OSS backdoors: the folly of the easy fix</a> (2024-03-31)","children":[],"payload":{"lines":"189,190"}},{"content":"toot: <a href=\"https://infosec.exchange/@lcamtuf/112192465212699615\">The maintainers of libcolorpicker.so can’t be the only thing that stands between your critical infrastructure and Russian or Chinese intelligence services</a> (2024-03-31)","children":[],"payload":{"lines":"190,191"}}],"payload":{"lines":"186,191"}},{"content":"<p data-lines=\"191,192\">by Rob Mensching (<a href=\"https://twitter.com/robmen\">@robmen</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/robmen/status/1774067844785086775\">Lots of analysis of the xz/liblzma vulnerability. Most skip over the first step of the attack</a> (2024-03-30)","children":[],"payload":{"lines":"192,193"}},{"content":"post: <a href=\"https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/\">A Microcosm of the interactions in Open Source projects</a> (2024-03-30)","children":[],"payload":{"lines":"193,194"}},{"content":"post: <a href=\"https://robmensching.com/blog/posts/2024/03/31/what-could-be-done-to-support-open-source-maintainers/\">What could be done to support Open Source maintainers?</a> (2024-03-31)","children":[],"payload":{"lines":"194,195"}}],"payload":{"lines":"191,195"}},{"content":"<p data-lines=\"195,196\">by Devon Eriksen (<a href=\"https://twitter.com/Devon_Eriksen_\">@Devon_Eriksen_</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/Devon_Eriksen_/status/1774094415235092494\">Are you actually sitting there telling me that, in 2024, a significant open source project is using fucking Autotools instead of something like Cmake?</a>","children":[],"payload":{"lines":"196,197"}}],"payload":{"lines":"195,197"}},{"content":"<p data-lines=\"197,198\">by Dominik Czarnota (<a href=\"https://twitter.com/disconnect3d_pl\">@disconnect3d_pl</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/disconnect3d_pl/status/1774496509259645392\">Fwiw the \"disabled landlock\" case reminds me of all those \"security mitigation typos\" I found some time ago</a> (2024-03-31)","children":[],"payload":{"lines":"198,199"}}],"payload":{"lines":"197,199"}},{"content":"<p data-lines=\"199,200\">by Josh Bressers (<a href=\"https://infosec.exchange/@joshbressers\">@joshbressers</a>), Kurt Seifried (<a href=\"https://infosec.exchange/@kurtseifried\">@kurtseifried</a>)</p>","children":[{"content":"podcast: <a href=\"https://opensourcesecurity.io/2024/04/01/xz-bonus-spectacular-episode/\">Open Source Security - XZ Bonus Spectacular Episode</a> (2024-04-01)","children":[],"payload":{"lines":"200,201"}}],"payload":{"lines":"199,201"}},{"content":"<p data-lines=\"201,202\">by Brian Krebs (<a href=\"https://infosec.exchange/@briankrebs\">@briankrebs</a>)</p>","children":[{"content":"toot: <a href=\"https://infosec.exchange/@briankrebs/112197305365490518\">Some thoughts about attribution in the XZ backdoor, having just wasted so many hours digging into the details.</a> (2024-04-01)","children":[],"payload":{"lines":"202,203"}}],"payload":{"lines":"201,203"}},{"content":"<p data-lines=\"203,204\">by Ariadne Conill (<a href=\"https://social.treehouse.systems/@ariadne\">@ariadne</a>)</p>","children":[{"content":"post: <a href=\"https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/\">The XZ Utils backdoor is a symptom of a larger problem</a> (2024-04-02)","children":[],"payload":{"lines":"204,205"}},{"content":"toot: <a href=\"https://social.treehouse.systems/@ariadne/112200322089325192\">The XZ Utils backdoor is a symptom of a larger problem</a> (2024-04-02)","children":[],"payload":{"lines":"205,206"}}],"payload":{"lines":"203,206"}},{"content":"<p data-lines=\"206,207\">by Rachel Kroll</p>","children":[{"content":"post: <a href=\"https://rachelbythebay.com/w/2024/04/02/autoconf/\">autoconf makes me think we stopped evolving too soon</a> (2024-04-02)","children":[],"payload":{"lines":"207,208"}}],"payload":{"lines":"206,208"}},{"content":"<p data-lines=\"208,209\">by Patrick Gray (<a href=\"https://infosec.exchange/@riskybusiness\">@riskybusiness</a>), Adam Boileau (<a href=\"https://infosec.exchange/@metlstorm\">@metlstorm</a>)</p>","children":[{"content":"podcast: <a href=\"https://risky.biz/RB743/\">Risky Business #743 - A chat about the xz backdoor with the guy who found it</a> w/ special guest: Andres Freund (2024-04-03)","children":[],"payload":{"lines":"209,210"}}],"payload":{"lines":"208,210"}},{"content":"<p data-lines=\"210,211\">by Peter Geissler (<a href=\"https://infosec.exchange/@blasty\">@blasty</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/bl4sty/status/1775299293139575048\">xz bd engineer 1: bro, we need a way to probe the address space to make sure we never SEGV sshd</a> (2024-04-03)","children":[],"payload":{"lines":"211,212"}}],"payload":{"lines":"210,212"}},{"content":"<p data-lines=\"212,213\">by Alex Matrosov (<a href=\"https://twitter.com/matrosov\">@matrosov</a>)</p>","children":[{"content":"<a href=\"https://twitter.com/matrosov/status/1776693648916447735\">I'm not sure if someone noticed, but @HexRaysSA IDA shows a warning on the ifunc implantation technique used by #xzbackdoor</a> (2024-04-06)","children":[],"payload":{"lines":"213,214"}},{"content":"<a href=\"https://twitter.com/matrosov/status/1776701862936453284\">Our xz.fail scanner detects generically ifunc implantation #xzbackdoor technique on any ELF file and could spot other projects implanted by the same technique</a> (2024-04-06)","children":[],"payload":{"lines":"214,215"}}],"payload":{"lines":"212,215"}},{"content":"<p data-lines=\"215,216\">by Valentina Palmiotti (<a href=\"https://haunted.computer/@chompie1337\">@chompie1337</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/chompie1337/status/1776735428952940727\">A lot of tradecraft being burned here.</a> (2024-04-07)","children":[],"payload":{"lines":"216,217"}}],"payload":{"lines":"215,217"}},{"content":"<p data-lines=\"217,218\">by Adam Leventhal (<a href=\"https://mastodon.social/@ahl\">@ahl</a>), Bryan Cantrill (<a href=\"https://mastodon.social/@bcantrill\">@bcantrill</a>)</p>","children":[{"content":"toot: <a href=\"https://mastodon.social/@ahl/112242906033081880\">What an Oxide and Friends last night! @bcantrill and I were joined by the one and only @AndresFreundTec to talk about his discovery of the xz backdoor.</a> (2024-04-09)","children":[],"payload":{"lines":"218,219"}},{"content":"podcast: <a href=\"https://oxide.computer/podcasts/oxide-and-friends/1843393\">Oxide and Friends - Discovering the XZ Backdoor with Andres Freund</a> w/ special guest: Andres Freund (2024-04-10)","children":[],"payload":{"lines":"219,220"}}],"payload":{"lines":"217,220"}},{"content":"<p data-lines=\"220,221\">by Dirk Mueller / openSUSE Linux (<a href=\"https://fosstodon.org/@opensuse\">@opensuse</a>)</p>","children":[{"content":"toot: <a href=\"https://fosstodon.org/@opensuse/112258240858019079\">Dive into what happened with the #XZ #backdoor.</a> (2024-04-12)","children":[],"payload":{"lines":"221,222"}},{"content":"post: <a href=\"https://news.opensuse.org/2024/04/12/learn-from-the-xz-backdoor/\">What we need to take away from the XZ Backdoor</a> (2024-04-12)","children":[],"payload":{"lines":"222,224"}}],"payload":{"lines":"220,224"}},{"content":"<p data-lines=\"224,225\">collected by Michael Tsai (<a href=\"https://mastodon.social/@mjtsai\">@mjtsai</a>)</p>","children":[{"content":"post: <a href=\"https://mjtsai.com/blog/2024/04/01/xz-backdoor/\">xz Backdoor</a> (2024-04-01+)","children":[],"payload":{"lines":"225,227"}}],"payload":{"lines":"224,227"}},{"content":"<p data-lines=\"227,228\">by <a href=\"https://lwn.net/\">LWN.net</a> community</p>","children":[{"content":"post: <a href=\"https://lwn.net/Articles/967180/\">A backdoor in xz</a> (2024-03-29)","children":[],"payload":{"lines":"228,229"}}],"payload":{"lines":"227,229"}},{"content":"<p data-lines=\"229,230\">by <a href=\"https://lobste.rs/\">Lobsters</a> community</p>","children":[{"content":"post: <a href=\"https://lobste.rs/s/uihyvs/backdoor_upstream_xz_liblzma_leading_ssh\">backdoor in upstream xz/liblzma leading to ssh server compromise</a> (2024-03-29)","children":[],"payload":{"lines":"230,231"}}],"payload":{"lines":"229,231"}},{"content":"<p data-lines=\"231,232\">by <a href=\"https://news.ycombinator.com/\">Hacker News</a> community</p>","children":[{"content":"post: <a href=\"https://news.ycombinator.com/item?id=39865810\">Backdoor in upstream xz/liblzma leading to SSH server compromise</a> (2024-03-29)","children":[],"payload":{"lines":"232,233"}},{"content":"post: <a href=\"https://news.ycombinator.com/item?id=39874404\">Xz: Can you spot the single character that disabled Linux landlock?</a> (2024-03-30)","children":[],"payload":{"lines":"233,234"}},{"content":"post: <a href=\"https://news.ycombinator.com/item?id=39895344\">Xzbot: Notes, honeypot, and exploit demo for the xz backdoor</a> (2024-04-01)","children":[],"payload":{"lines":"234,235"}}],"payload":{"lines":"231,235"}},{"content":"<p data-lines=\"235,236\">by <a href=\"https://old.reddit.com/r/linux/\">reddit r/linux</a> community</p>","children":[{"content":"post: <a href=\"https://old.reddit.com/r/linux/comments/1bqt999/backdoor_in_upstream_xzliblzma_leading_to_ssh/\">backdoor in upstream xz/liblzma leading to ssh server compromise</a> (2024-03-29)","children":[],"payload":{"lines":"236,237"}}],"payload":{"lines":"235,237"}}],"payload":{"lines":"181,182"}}],"payload":{"lines":"1,2"}},{"colorFreezeLevel":2,"maxWidth":1300})</script>
+            })(() => window.markmap,null,{"content":"xz backdoor (2024)","children":[{"content":"known vulnerable versions","children":[{"content":"XZ Utils 5.6.0","children":[],"payload":{"lines":"5,6"}},{"content":"XZ Utils 5.6.1","children":[],"payload":{"lines":"6,8"}}],"payload":{"lines":"3,4"}},{"content":"bad actor","children":[{"content":"<span style=\"color:red\"><strong>Jia Tan</strong></span> (<a href=\"https://github.com/JiaT75\">github.com/JiaT75</a>)","children":[{"content":"<strong>infamy!</strong> managed to became co-maintainer of XZ-Utils by helping Lasse first, and eventually implanting sophisticated backdoor.","children":[],"payload":{"lines":"11,12"}},{"content":"jiat0218@gmail.com","children":[],"payload":{"lines":"12,13"}}],"payload":{"lines":"10,13"}},{"content":"<span style=\"color:red\">high likely there are more</span>","children":[],"payload":{"lines":"13,15"}}],"payload":{"lines":"8,9"}},{"content":"xz author","children":[{"content":"<strong>Lasse Collin</strong> (<a href=\"https://github.com/Larhzu\">github.com/Larhzu</a>)","children":[{"content":"<strong>please stay strong!</strong> any software maintainer could be such a victim. everyone, please show him support and empathy.","children":[],"payload":{"lines":"18,19"}}],"payload":{"lines":"17,19"}},{"content":"<a href=\"https://tukaani.org/\">The Tukaani Project</a>","children":[{"content":"repo: <a href=\"https://git.tukaani.org/?p=xz.git\">XZ Utils</a> (backdoor has been removed on 2024-04-09)","children":[],"payload":{"lines":"20,21"}},{"content":"github: <a href=\"https://github.com/tukaani-project/xz\">XZ Utils</a> (repository has been reactivated on 2024-04-09)","children":[],"payload":{"lines":"21,22"}},{"content":"page: <a href=\"https://tukaani.org/xz-backdoor/\">XZ Utils backdoor</a>","children":[],"payload":{"lines":"22,23"}},{"content":"page: <a href=\"https://tukaani.org/contact.html\">Contact information</a>","children":[],"payload":{"lines":"23,24"}}],"payload":{"lines":"19,24"}},{"content":"mail: <a href=\"https://lkml.org/lkml/2024/3/30/188\">[tech-board] [PATCH 00/11] xz: Updates to license, filters, and compression options</a> at <a href=\"https://lkml.org/\">linux-kernel ML</a> (2024-03-30)","children":[],"payload":{"lines":"24,26"}}],"payload":{"lines":"15,16"}},{"content":"discovery","children":[{"content":"by <strong>Andres Freund</strong> (<a href=\"https://mastodon.social/@AndresFreundTec\">@AndresFreundTec</a>)","children":[{"content":"<strong>props</strong> &amp; <strong>kudos!</strong> everyone, please give him a beer/coffee/drink/tea if you ever meet him!","children":[],"payload":{"lines":"29,30"}},{"content":"mail: <a href=\"https://www.openwall.com/lists/oss-security/2024/03/29/4\">backdoor in upstream xz/liblzma leading to ssh server compromise</a> at <a href=\"https://www.openwall.com/lists/oss-security/\">oss-security ML</a> (<a href=\"https://oss-security.openwall.org/wiki/mailing-lists/oss-security\">info</a>) (2024-03-29)","children":[],"payload":{"lines":"30,31"}},{"content":"toot: <a href=\"https://mastodon.social/@AndresFreundTec/112180083704606941\">I accidentally found a security issue while benchmarking postgres changes.</a> (2024-03-29)","children":[],"payload":{"lines":"31,32"}},{"content":"tweet: <a href=\"https://twitter.com/andresfreundtec/status/1774190743776866374\">FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins</a> (2024-03-30)","children":[],"payload":{"lines":"32,34"}}],"payload":{"lines":"28,34"}}],"payload":{"lines":"26,27"}},{"content":"root cause","children":[{"content":"by Russ Allbery (<a href=\"https://github.com/rra\">github.com/rra</a>)","children":[{"content":"\"The reality that we are struggling with is that the free software infrastructure on which much of computing runs is massively and painfully underfunded by society as a whole, and is almost entirely dependent on random people maintaining things in their free time because they find it fun, many of whom are close to burnout. This is, in many ways, the true root cause of this entire event.\" (<a href=\"https://lists.debian.org/debian-devel/2024/03/msg00344.html\">quote</a> from <a href=\"https://lists.debian.org/debian-devel/\">debian-devel ML</a>) (2024-03-29)","children":[],"payload":{"lines":"37,39"}}],"payload":{"lines":"36,39"}}],"payload":{"lines":"34,35"}},{"content":"CVE-2024-3094","children":[{"content":"page: <a href=\"https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094\">Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 at CISA</a> (2024-03-29)","children":[],"payload":{"lines":"41,42"}},{"content":"page: <a href=\"https://www.cve.org/CVERecord?id=CVE-2024-3094\">CVE-2024-3094 at CVE.org</a> (2024-03-29+)","children":[],"payload":{"lines":"42,43"}},{"content":"page: <a href=\"https://nvd.nist.gov/vuln/detail/CVE-2024-3094\">CVE-2024-3094 at NVD.NIST</a> (2024-03-29+)","children":[],"payload":{"lines":"43,44"}},{"content":"page: <a href=\"https://access.redhat.com/security/cve/CVE-2024-3094\">CVE-2024-3094 at Red Hat Customer Portal</a> (2024-03-29+)","children":[],"payload":{"lines":"44,45"}},{"content":"page: <a href=\"https://security.alpinelinux.org/vuln/CVE-2024-3094\">CVE-2024-3094 at Alpine Linux Security Issue Tracker</a> (2024-03-29)","children":[],"payload":{"lines":"45,46"}},{"content":"page: <a href=\"https://security-tracker.debian.org/tracker/CVE-2024-3094\">CVE-2024-3094 at Debian Security Bug Tracker</a> (2024-03-29+)","children":[],"payload":{"lines":"46,47"}},{"content":"page: <a href=\"https://ubuntu.com/security/CVE-2024-3094\">CVE-2024-3094 at Ubuntu Security</a> (2024-03-30)","children":[],"payload":{"lines":"47,48"}},{"content":"page: <a href=\"https://security.archlinux.org/CVE-2024-3094\">CVE-2024-3094 at Arch Linux Security Tracker</a> (2024-03-29)","children":[],"payload":{"lines":"48,49"}},{"content":"page: <a href=\"https://www.suse.com/security/cve/CVE-2024-3094.html\">CVE-2024-3094 at SUSE Security Tracker</a> (2024-03-28+)","children":[],"payload":{"lines":"49,51"}}],"payload":{"lines":"39,40"}},{"content":"bugtracker","children":[{"content":"Debian","children":[{"content":"bug: <a href=\"https://bugs.debian.org/1068024\">1068024</a> <code>(CVE-2024-3094) - &gt;=app-arch/xz-utils-5.6.0: backdoor in release tarballs</code> (2024-03-29)","children":[],"payload":{"lines":"54,55"}}],"payload":{"lines":"53,55"}},{"content":"Gentoo","children":[{"content":"bug: <a href=\"https://bugs.gentoo.org/928134\">928134</a> <code>revert to version that does not contain changes by bad actor</code> (2024-03-29)","children":[],"payload":{"lines":"56,57"}}],"payload":{"lines":"55,57"}},{"content":"Red Hat","children":[{"content":"bug: <a href=\"https://bugzilla.redhat.com/2272210\">2272210</a> <code>(CVE-2024-3094) - CVE-2024-3094 xz: malicious code in distributed source</code> (2024-03-29)","children":[],"payload":{"lines":"58,59"}}],"payload":{"lines":"57,59"}},{"content":"SUSE","children":[{"content":"bug: <a href=\"https://bugzilla.suse.com/1222124\">1222124</a> <code>(CVE-2024-3094) - VUL-0: CVE-2024-3094: xz: backdoored 5.6.0,5.6.1 version</code> (2024-03-28)","children":[],"payload":{"lines":"60,61"}}],"payload":{"lines":"59,61"}},{"content":"Ubuntu","children":[{"content":"bugs: <a href=\"https://launchpad.net/bugs/cve/CVE-2024-3094\">CVE-2024-3094 in Launchpad CVE tracker</a> (2024-03-29+)","children":[],"payload":{"lines":"62,64"}}],"payload":{"lines":"61,64"}}],"payload":{"lines":"51,52"}},{"content":"advisory","children":[{"content":"Fedora","children":[{"content":"post: <a href=\"https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users\">Urgent security alert for Fedora Linux 40 and Fedora Rawhide users</a> (2024-03-29+)","children":[],"payload":{"lines":"67,68"}}],"payload":{"lines":"66,68"}},{"content":"Debian","children":[{"content":"mail: <a href=\"https://lists.debian.org/debian-security-announce/2024/msg00057.html\">[SECURITY] [DSA 5649-1] xz-utils security update</a> (2024-03-29)","children":[],"payload":{"lines":"69,70"}}],"payload":{"lines":"68,70"}},{"content":"openSUSE","children":[{"content":"post: <a href=\"https://news.opensuse.org/2024/03/29/xz-backdoor/\">openSUSE addresses supply chain attack against xz compression library</a> (2024-03-29)","children":[],"payload":{"lines":"71,72"}}],"payload":{"lines":"70,72"}},{"content":"Gentoo","children":[{"content":"page: <a href=\"https://security.gentoo.org/glsa/202403-04\">XZ utils: Backdoor in release tarballs (GLSA 202403-04)</a> (2024-03-29)","children":[],"payload":{"lines":"73,74"}}],"payload":{"lines":"72,74"}},{"content":"Kali Linux","children":[{"content":"post: <a href=\"https://www.kali.org/blog/about-the-xz-backdoor/\">All about the xz-utils backdoor</a> (2024-03-29)","children":[],"payload":{"lines":"75,76"}}],"payload":{"lines":"74,76"}},{"content":"Arch Linux","children":[{"content":"post: <a href=\"https://archlinux.org/news/the-xz-package-has-been-backdoored/\">The xz package has been backdoored</a> (2024-03-29)","children":[],"payload":{"lines":"77,78"}},{"content":"page: <a href=\"https://security.archlinux.org/ASA-202403-1\">[ASA-202403-1] xz: arbitrary code execution</a> (2024-03-29)","children":[],"payload":{"lines":"78,79"}}],"payload":{"lines":"76,79"}},{"content":"Alpine Linux","children":[{"content":"post: <a href=\"https://alpinelinux.org/posts/XZ-backdoor-CVE-2024-3094.html\">Backdoor found in xz package source</a> (2024-03-31)","children":[],"payload":{"lines":"80,81"}}],"payload":{"lines":"79,81"}},{"content":"Amazon Linux","children":[{"content":"post: <a href=\"https://aws.amazon.com/security/security-bulletins/AWS-2024-002/\">CVE-2024-3094</a> (2024-03-29)","children":[],"payload":{"lines":"82,83"}}],"payload":{"lines":"81,83"}},{"content":"NixOS","children":[{"content":"post: <a href=\"https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405\">CVE-2024-3094: Malicious code in xz 5.6.0 and 5.6.1 tarballs</a> (2024-03-29+)","children":[],"payload":{"lines":"84,85"}}],"payload":{"lines":"83,85"}},{"content":"FreeBSD","children":[{"content":"mail: <a href=\"https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html\">Disclosed backdoor in xz releases - FreeBSD not affected</a> (2024-03-29)","children":[],"payload":{"lines":"86,87"}}],"payload":{"lines":"85,87"}},{"content":"NetBSD","children":[{"content":"post: <a href=\"https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz\">Statement on backdoor in xz library</a> (2024-03-30)","children":[],"payload":{"lines":"88,89"}}],"payload":{"lines":"87,89"}},{"content":"GitHub","children":[{"content":"page: <a href=\"https://github.com/advisories/GHSA-rxwq-x6h5-x525\">Malicious code was discovered in the upstream tarballs of... (GHSA-rxwq-x6h5-x525)</a> (2024-03-29)","children":[],"payload":{"lines":"90,91"}}],"payload":{"lines":"89,91"}},{"content":"CERT-EU","children":[{"content":"post: <a href=\"https://cert.europa.eu/publications/security-advisories/2024-032/\">Critical Vulnerability in XZ Utils</a> (2023-03-29+)","children":[],"payload":{"lines":"92,94"}}],"payload":{"lines":"91,94"}}],"payload":{"lines":"64,65"}},{"content":"analysis","children":[{"content":"by Merav Bar, Amitai Cohen (<a href=\"https://infosec.exchange/@AmitaiCo\">@AmitaiCo</a>), Danielle Aminov (<a href=\"https://mastodon.social/@danielleaminov\">@danielleaminov</a>)","children":[{"content":"post: <a href=\"https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils\">Backdoor in XZ Utils allows RCE: everything you need to know</a> (2024-03-29++)","children":[],"payload":{"lines":"97,98"}}],"payload":{"lines":"96,98"}},{"content":"by nugxperience (<a href=\"https://twitter.com/nugxperience\">@nugxperience</a>)","children":[{"content":"tweet: <a href=\"https://twitter.com/nugxperience/status/1773906926503591970\">The AWK portion of the #xz #backdoor decoding script is implementing a modified RC4 algorithm.</a> (2024-03-30)","children":[],"payload":{"lines":"99,100"}}],"payload":{"lines":"98,100"}},{"content":"by alden (<a href=\"https://twitter.com/birchb0y\">@birchb0y</a>)","children":[{"content":"github: <a href=\"https://github.com/ald3ns/xz-backdoor-github-analysis\">XZ Backdoor Github Analysis - Jupyter Notebook to graph a users commit history over time</a> (2024-03-30)","children":[],"payload":{"lines":"101,102"}},{"content":"tweet: <a href=\"https://twitter.com/birchb0y/status/1773871381890924872\">If you plot Jai Tan's commit history over time, the cluster of offending commits occurs at an unusual time compared to rest of their activity.</a> (2024-03-30)","children":[],"payload":{"lines":"102,103"}}],"payload":{"lines":"100,103"}},{"content":"by Gynvael Coldwind (<a href=\"https://infosec.exchange/@gynvael\">@gynvael</a>)","children":[{"content":"post: <a href=\"https://gynvael.coldwind.pl/?lang=en&amp;id=782\">xz/liblzma: Bash-stage Obfuscation Explained</a> (2024-03-30)","children":[],"payload":{"lines":"104,105"}},{"content":"toot: <a href=\"https://infosec.exchange/@gynvael/112186403234118116\">Some notes from analyzing the bash part obfuscation of the xz/liblzma part</a> (2024-03-30)","children":[],"payload":{"lines":"105,106"}}],"payload":{"lines":"103,106"}},{"content":"by Serge Bazanski  (<a href=\"https://social.hackerspace.pl/@q3k\">@q3k</a>)","children":[{"content":"gist: <a href=\"https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01\">liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)</a> (2024-03-30)","children":[],"payload":{"lines":"107,108"}},{"content":"toot: <a href=\"https://social.hackerspace.pl/@q3k/112184695043115759\">List of encoded strings within the liblzma/xz backdoor payload (5.6.1)</a> (2024-03-30)","children":[],"payload":{"lines":"108,109"}}],"payload":{"lines":"106,109"}},{"content":"by Stefano Moioli (<a href=\"https://github.com/smx-smx\">github.com/smx-smx</a>)","children":[{"content":"gist: <a href=\"https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504\">[WIP] XZ Backdoor Analysis and symbol mapping</a> (2024-03-30+)","children":[],"payload":{"lines":"110,111"}},{"content":"github: <a href=\"https://github.com/smx-smx/xzre\">xzre - Reverse engineering of the XZ backdoor</a> (2024-04-02+)","children":[],"payload":{"lines":"111,112"}},{"content":"page: <a href=\"https://smx-smx.github.io/xzre/\">xzre Documentation generated by Doxygen</a> (2024-04-04+)","children":[],"payload":{"lines":"112,113"}}],"payload":{"lines":"109,113"}},{"content":"by Rhea Karty and Simon Henniger","children":[{"content":"post: <a href=\"https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and\">XZ Backdoor: Times, damned times, and scams</a> (2024-03-30)","children":[],"payload":{"lines":"114,115"}}],"payload":{"lines":"113,115"}},{"content":"by Connor Tumbleson (<a href=\"https://infosec.exchange/@iBotPeaches\">@iBotPeaches</a>)","children":[{"content":"post: <a href=\"https://connortumbleson.com/2024/03/31/watching-xz-unfold-from-afar/\">Watching xz unfold from afar</a> (2024-03-30+)","children":[],"payload":{"lines":"116,117"}}],"payload":{"lines":"115,117"}},{"content":"by Jonathan Schleifer (<a href=\"https://ap.nil.im/js\">@js</a>)","children":[{"content":"wiki: <a href=\"https://github.com/Midar/xz-backdoor-documentation/wiki\">xz-backdoor-documentation</a> (2024-03-30+)","children":[],"payload":{"lines":"118,119"}},{"content":"toot: <a href=\"https://ap.nil.im/notice/AgOBVh5Tq1IjfawZvM\">I started a writeup of what I found so far about the #xz backdoor</a> (2024-03-30)","children":[],"payload":{"lines":"119,120"}}],"payload":{"lines":"117,120"}},{"content":"by Michael Karcher (<a href=\"https://github.com/karcherm\">github.com/karcherm</a>)","children":[{"content":"github: <a href=\"https://github.com/karcherm/xz-malware\">xz-malware - Stuff discovered while analyzing the malware hidden in xz-utils 5.6.0 and 5.6.1</a> (2024-03-31+)","children":[],"payload":{"lines":"121,122"}}],"payload":{"lines":"120,122"}},{"content":"by Anthony Weems (<a href=\"https://infosec.exchange/@amlw\">@amlw</a>)","children":[{"content":"github: <a href=\"https://github.com/amlweems/xzbot\">xzbot - notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)</a> (2024-04-01)","children":[],"payload":{"lines":"123,124"}},{"content":"tweet: <a href=\"https://twitter.com/amlweems/status/1774819428208689241\">I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE</a> (2024-04-01)","children":[],"payload":{"lines":"124,125"}}],"payload":{"lines":"122,125"}},{"content":"by Peter Geissler (<a href=\"https://infosec.exchange/@blasty\">@blasty</a>)","children":[{"content":"tweet: <a href=\"https://twitter.com/bl4sty/status/1776691497506623562\">the xz sshd backdoor rabbithole goes quite a bit deeper.</a> (2024-04-06)","children":[],"payload":{"lines":"126,127"}},{"content":"thread: <a href=\"https://threadreaderapp.com/thread/1776691497506623562.html\">the xz sshd backdoor rabbithole goes quite a bit deeper.</a> (2024-04-06)","children":[],"payload":{"lines":"127,128"}},{"content":"github: <a href=\"https://github.com/blasty/JiaTansSSHAgent\">Jia Tan's SSH Agent - Simple SSH Agent that implements some of the XZ sshd backdoor functionality.</a> (2024-04-08)","children":[],"payload":{"lines":"128,129"}}],"payload":{"lines":"125,129"}},{"content":"by Kaspersky (<a href=\"https://twitter.com/kaspersky\">@kaspersky</a>)","children":[{"content":"post: <a href=\"https://securelist.com/xz-backdoor-story-part-1/112354/\">XZ backdoor story – Initial analysis</a> (2024-04-12)","children":[],"payload":{"lines":"130,131"}},{"content":"tweet: <a href=\"https://twitter.com/kaspersky/status/1778815409489059963\">Our experts analyzed the malicious #XZbackdoor, which almost infected multiple #Linux distributions.</a> (2024-04-12)","children":[],"payload":{"lines":"131,133"}}],"payload":{"lines":"129,133"}}],"payload":{"lines":"94,95"}},{"content":"distillation","children":[{"content":"by Sam James (<a href=\"https://social.treehouse.systems/@thesamesam\">@thesamesam</a>)","children":[{"content":"gist: <a href=\"https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27\">FAQ on the xz-utils backdoor (CVE-2024-3094)</a> (2024-03-29+)","children":[],"payload":{"lines":"136,137"}},{"content":"toot: <a href=\"https://social.treehouse.systems/@thesamesam/112193966262726793\">Since the #xz incident started, I've been maintaining an FAQ/living document on what we know</a> (2024-04-01)","children":[],"payload":{"lines":"137,138"}}],"payload":{"lines":"135,138"}},{"content":"by Evan Boehs (<a href=\"https://social.coop/@eb\">@eb</a>)","children":[{"content":"post: <a href=\"https://boehs.org/node/everything-i-know-about-the-xz-backdoor\">Everything I Know About the XZ Backdoor</a> (2024-03-29+)","children":[],"payload":{"lines":"139,140"}},{"content":"toot: <a href=\"https://social.coop/@eb/112180540086255196\">I have begun a post explaining this situation in a more detailed writeup.</a> (2024-03-29)","children":[],"payload":{"lines":"140,141"}}],"payload":{"lines":"138,141"}},{"content":"by Russ Cox (<a href=\"https://hachyderm.io/@rsc\">@rsc</a>)","children":[{"content":"post: <a href=\"https://research.swtch.com/xz-timeline\">Timeline of the xz open source attack</a> (2024-04-01+)","children":[],"payload":{"lines":"142,143"}},{"content":"toot: <a href=\"https://hachyderm.io/@rsc/112199506755478946\">I put together a timeline of the xz attack, dating back to 2021.</a> (2024-04-02)","children":[],"payload":{"lines":"143,144"}},{"content":"post: <a href=\"https://research.swtch.com/xz-script\">The xz attack shell script</a> (2024-04-02)","children":[],"payload":{"lines":"144,145"}},{"content":"toot: <a href=\"https://hachyderm.io/@rsc/112200603337903320\">A walkthrough of the xz attack shell script.</a> (2024-04-02)","children":[],"payload":{"lines":"145,146"}}],"payload":{"lines":"141,146"}},{"content":"by Filippo Valsorda (<a href=\"https://mastodon.social/@filippo@abyssdomain.expert\">@filippo</a>)","children":[{"content":"toot: <a href=\"https://mastodon.social/@filippo@abyssdomain.expert/112185827535824541\">I'm watching some folks reverse engineer the xz backdoor, sharing some <em>preliminary</em> analysis with permission.</a> (2024-03-30)","children":[],"payload":{"lines":"147,148"}}],"payload":{"lines":"146,148"}},{"content":"by Dan Goodin (<a href=\"https://infosec.exchange/@dangoodin\">@dangoodin</a>)","children":[{"content":"post: <a href=\"https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/\">What we know about the xz Utils backdoor that almost infected the world</a> (2024-04-01)","children":[],"payload":{"lines":"149,150"}}],"payload":{"lines":"148,150"}},{"content":"by Daroc Alden (<a href=\"https://twitter.com/setupminimal\">@setupminimal</a>)","children":[{"content":"post: <a href=\"https://lwn.net/Articles/967192/\">How the XZ backdoor works</a> (2024-04-02+)","children":[],"payload":{"lines":"151,152"}}],"payload":{"lines":"150,152"}},{"content":"by Low Level Learning (<a href=\"https://twitter.com/@LowLevelTweets\">@LowLevelTweets</a>)","children":[{"content":"video: <a href=\"https://www.youtube.com/watch?v=vV_WdTBbww4\">revealing the features of the XZ backdoor</a> based on xzbot (2024-04-03)","children":[],"payload":{"lines":"153,154"}}],"payload":{"lines":"152,154"}},{"content":"by Christian Weisgerber (naddy)","children":[{"content":"mail: <a href=\"https://marc.info/?l=openbsd-misc&amp;m=171227941117852\">lcamtuf on the recent xz debacle</a> (2024-04-05)","children":[],"payload":{"lines":"155,157"}}],"payload":{"lines":"154,157"}}],"payload":{"lines":"133,134"}},{"content":"infographic","children":[{"content":"by Danielle Aminov (<a href=\"https://mastodon.social/@danielleaminov\">@danielleaminov</a>)","children":[{"content":"image: <a href=\"https://www.datocms-assets.com/75231/1711898124-liblzma_flow_w_logo-1.png\">liblzma_flow_w_logo-1.png</a> used in Wiz post (2024-03-31)","children":[],"payload":{"lines":"160,161"}},{"content":"toot: <a href=\"https://mastodon.social/@danielleaminov/112200745031488946\">I've been looking into how the xz backdoor works and drew this sketch to make it easier to understand.</a> (2024-04-02)","children":[],"payload":{"lines":"161,162"}}],"payload":{"lines":"159,162"}},{"content":"by Thomas Roccia (<a href=\"https://infosec.exchange/@fr0gger\">@fr0gger</a>)","children":[{"content":"toot: <a href=\"https://infosec.exchange/@fr0gger/112189232773640259\">I tried to make sense of the analysis in a single page (which was quite complicated)!</a> Part 1 w/ LQ img (2024-03-31)","children":[],"payload":{"lines":"163,164"}},{"content":"tweet: <a href=\"https://twitter.com/fr0gger_/status/1774342248437813525\">I tried to make sense of the analysis in a single page (which was quite complicated)!</a> Part 1 w/ HQ img (2024-03-31)","children":[],"payload":{"lines":"164,165"}},{"content":"toot: <a href=\"https://infosec.exchange/@fr0gger/112211836264840207\">I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview.</a> Part 2 w/ LQ img (2024-04-04)","children":[],"payload":{"lines":"165,166"}},{"content":"tweet: <a href=\"https://twitter.com/fr0gger_/status/1775759514249445565\">I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview.</a> Part 2 w/ HQ img (2024-04-04)","children":[],"payload":{"lines":"166,167"}}],"payload":{"lines":"162,167"}},{"content":"by ACE Responder (<a href=\"https://twitter.com/ACEResponder\">@ACEResponder</a>)","children":[{"content":"tweet: <a href=\"https://twitter.com/ACEResponder/status/1776749649266692420\">How the #XZUtils SSHD backdoor works.</a> animation based on xzbot (2024-04-07)","children":[],"payload":{"lines":"168,170"}}],"payload":{"lines":"167,170"}}],"payload":{"lines":"157,158"}},{"content":"detection","children":[{"content":"by Vegard Nossum (<a href=\"https://mastodon.social/@vegard\">@vegard</a>)","children":[{"content":"file: <a href=\"https://www.openwall.com/lists/oss-security/2024/03/29/4/3\">detect.sh</a> (warning: uses ldd which is <a href=\"https://dwheeler.com/program-library/Program-Library-HOWTO/x36.html\">unsafe unless you trust its target</a>) (2024-03-29)","children":[],"payload":{"lines":"173,174"}},{"content":"toot: <a href=\"https://mastodon.social/@vegard/112179869758119960\">Upstream backdoor discovered in xz-utils/liblzma</a> (2024-03-29)","children":[],"payload":{"lines":"174,175"}}],"payload":{"lines":"172,175"}},{"content":"by Binarly (<a href=\"https://twitter.com/binarly_io\">@binarly_io</a>)","children":[{"content":"page: <a href=\"https://xz.fail/\">xz.fail - Binarly XZ backdoor detector</a> (2024-04-01)","children":[],"payload":{"lines":"176,177"}},{"content":"post: <a href=\"https://www.binarly.io/blog/xz-utils-supply-chain-puzzle-binarly-ships-free-scanner-for-cve-2024-3094-backdoor\">XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor</a> (2024-04-01)","children":[],"payload":{"lines":"177,179"}}],"payload":{"lines":"175,179"}}],"payload":{"lines":"170,171"}},{"content":"countermeasure","children":[{"content":"by Hank Leininger (<a href=\"https://github.com/hlein\">github.com/hlein</a>)","children":[{"content":"github: <a href=\"https://github.com/hlein/distro-backdoor-scanner\">distro-backdoor-scanner - tools to scan OS distributions for backdoor indicators</a> (2024-04-01+)","children":[],"payload":{"lines":"182,184"}}],"payload":{"lines":"181,184"}}],"payload":{"lines":"179,180"}},{"content":"comments","children":[{"content":"<p data-lines=\"186,187\">by Jonathan Corbet (<a href=\"https://social.kernel.org/users/corbet\">@corbet</a>)</p>","children":[{"content":"toot: <a href=\"https://social.kernel.org/notice/AgM1lT6HeBpodOubEe\">Random, unordered, probably useless thoughts on today's apocalypxze...</a> (2024-03-29)","children":[],"payload":{"lines":"187,188"}},{"content":"post: <a href=\"https://lwn.net/Articles/967866/\">Free software's not-so-eXZellent adventure</a> (2024-04-02)","children":[],"payload":{"lines":"188,189"}}],"payload":{"lines":"186,189"}},{"content":"<p data-lines=\"189,190\">by Michał Zelewski (<a href=\"https://infosec.exchange/@lcamtuf\">@lcamtuf</a>)</p>","children":[{"content":"post: <a href=\"https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor\">Techies vs spies: the xz backdoor debate</a> (2024-03-30)","children":[],"payload":{"lines":"190,191"}},{"content":"toot: <a href=\"https://infosec.exchange/@lcamtuf/112182346314363746\">OK, so here's my slightly more eloquent take on the xz thing, complete with a zinger closing paragraph</a> (2024-03-30)","children":[],"payload":{"lines":"191,192"}},{"content":"post: <a href=\"https://lcamtuf.substack.com/p/oss-backdoors-the-allure-of-the-easy\">OSS backdoors: the folly of the easy fix</a> (2024-03-31)","children":[],"payload":{"lines":"192,193"}},{"content":"toot: <a href=\"https://infosec.exchange/@lcamtuf/112192465212699615\">The maintainers of libcolorpicker.so can’t be the only thing that stands between your critical infrastructure and Russian or Chinese intelligence services</a> (2024-03-31)","children":[],"payload":{"lines":"193,194"}}],"payload":{"lines":"189,194"}},{"content":"<p data-lines=\"194,195\">by Rob Mensching (<a href=\"https://twitter.com/robmen\">@robmen</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/robmen/status/1774067844785086775\">Lots of analysis of the xz/liblzma vulnerability. Most skip over the first step of the attack</a> (2024-03-30)","children":[],"payload":{"lines":"195,196"}},{"content":"post: <a href=\"https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/\">A Microcosm of the interactions in Open Source projects</a> (2024-03-30)","children":[],"payload":{"lines":"196,197"}},{"content":"post: <a href=\"https://robmensching.com/blog/posts/2024/03/31/what-could-be-done-to-support-open-source-maintainers/\">What could be done to support Open Source maintainers?</a> (2024-03-31)","children":[],"payload":{"lines":"197,198"}}],"payload":{"lines":"194,198"}},{"content":"<p data-lines=\"198,199\">by Devon Eriksen (<a href=\"https://twitter.com/Devon_Eriksen_\">@Devon_Eriksen_</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/Devon_Eriksen_/status/1774094415235092494\">Are you actually sitting there telling me that, in 2024, a significant open source project is using fucking Autotools instead of something like Cmake?</a>","children":[],"payload":{"lines":"199,200"}}],"payload":{"lines":"198,200"}},{"content":"<p data-lines=\"200,201\">by Dominik Czarnota (<a href=\"https://twitter.com/disconnect3d_pl\">@disconnect3d_pl</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/disconnect3d_pl/status/1774496509259645392\">Fwiw the \"disabled landlock\" case reminds me of all those \"security mitigation typos\" I found some time ago</a> (2024-03-31)","children":[],"payload":{"lines":"201,202"}}],"payload":{"lines":"200,202"}},{"content":"<p data-lines=\"202,203\">by Josh Bressers (<a href=\"https://infosec.exchange/@joshbressers\">@joshbressers</a>), Kurt Seifried (<a href=\"https://infosec.exchange/@kurtseifried\">@kurtseifried</a>)</p>","children":[{"content":"podcast: <a href=\"https://opensourcesecurity.io/2024/04/01/xz-bonus-spectacular-episode/\">Open Source Security - XZ Bonus Spectacular Episode</a> (2024-04-01)","children":[],"payload":{"lines":"203,204"}}],"payload":{"lines":"202,204"}},{"content":"<p data-lines=\"204,205\">by Brian Krebs (<a href=\"https://infosec.exchange/@briankrebs\">@briankrebs</a>)</p>","children":[{"content":"toot: <a href=\"https://infosec.exchange/@briankrebs/112197305365490518\">Some thoughts about attribution in the XZ backdoor, having just wasted so many hours digging into the details.</a> (2024-04-01)","children":[],"payload":{"lines":"205,206"}}],"payload":{"lines":"204,206"}},{"content":"<p data-lines=\"206,207\">by Ariadne Conill (<a href=\"https://social.treehouse.systems/@ariadne\">@ariadne</a>)</p>","children":[{"content":"post: <a href=\"https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/\">The XZ Utils backdoor is a symptom of a larger problem</a> (2024-04-02)","children":[],"payload":{"lines":"207,208"}},{"content":"toot: <a href=\"https://social.treehouse.systems/@ariadne/112200322089325192\">The XZ Utils backdoor is a symptom of a larger problem</a> (2024-04-02)","children":[],"payload":{"lines":"208,209"}}],"payload":{"lines":"206,209"}},{"content":"<p data-lines=\"209,210\">by Rachel Kroll</p>","children":[{"content":"post: <a href=\"https://rachelbythebay.com/w/2024/04/02/autoconf/\">autoconf makes me think we stopped evolving too soon</a> (2024-04-02)","children":[],"payload":{"lines":"210,211"}}],"payload":{"lines":"209,211"}},{"content":"<p data-lines=\"211,212\">by Patrick Gray (<a href=\"https://infosec.exchange/@riskybusiness\">@riskybusiness</a>), Adam Boileau (<a href=\"https://infosec.exchange/@metlstorm\">@metlstorm</a>)</p>","children":[{"content":"podcast: <a href=\"https://risky.biz/RB743/\">Risky Business #743 - A chat about the xz backdoor with the guy who found it</a> w/ special guest: Andres Freund (2024-04-03)","children":[],"payload":{"lines":"212,213"}}],"payload":{"lines":"211,213"}},{"content":"<p data-lines=\"213,214\">by Peter Geissler (<a href=\"https://infosec.exchange/@blasty\">@blasty</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/bl4sty/status/1775299293139575048\">xz bd engineer 1: bro, we need a way to probe the address space to make sure we never SEGV sshd</a> (2024-04-03)","children":[],"payload":{"lines":"214,215"}}],"payload":{"lines":"213,215"}},{"content":"<p data-lines=\"215,216\">by Alex Matrosov (<a href=\"https://twitter.com/matrosov\">@matrosov</a>)</p>","children":[{"content":"<a href=\"https://twitter.com/matrosov/status/1776693648916447735\">I'm not sure if someone noticed, but @HexRaysSA IDA shows a warning on the ifunc implantation technique used by #xzbackdoor</a> (2024-04-06)","children":[],"payload":{"lines":"216,217"}},{"content":"<a href=\"https://twitter.com/matrosov/status/1776701862936453284\">Our xz.fail scanner detects generically ifunc implantation #xzbackdoor technique on any ELF file and could spot other projects implanted by the same technique</a> (2024-04-06)","children":[],"payload":{"lines":"217,218"}}],"payload":{"lines":"215,218"}},{"content":"<p data-lines=\"218,219\">by Valentina Palmiotti (<a href=\"https://haunted.computer/@chompie1337\">@chompie1337</a>)</p>","children":[{"content":"tweet: <a href=\"https://twitter.com/chompie1337/status/1776735428952940727\">A lot of tradecraft being burned here.</a> (2024-04-07)","children":[],"payload":{"lines":"219,220"}}],"payload":{"lines":"218,220"}},{"content":"<p data-lines=\"220,221\">by Adam Leventhal (<a href=\"https://mastodon.social/@ahl\">@ahl</a>), Bryan Cantrill (<a href=\"https://mastodon.social/@bcantrill\">@bcantrill</a>)</p>","children":[{"content":"toot: <a href=\"https://mastodon.social/@ahl/112242906033081880\">What an Oxide and Friends last night! @bcantrill and I were joined by the one and only @AndresFreundTec to talk about his discovery of the xz backdoor.</a> (2024-04-09)","children":[],"payload":{"lines":"221,222"}},{"content":"podcast: <a href=\"https://oxide.computer/podcasts/oxide-and-friends/1843393\">Oxide and Friends - Discovering the XZ Backdoor with Andres Freund</a> w/ special guest: Andres Freund (2024-04-10)","children":[],"payload":{"lines":"222,223"}}],"payload":{"lines":"220,223"}},{"content":"<p data-lines=\"223,224\">by Dirk Mueller / openSUSE Linux (<a href=\"https://fosstodon.org/@opensuse\">@opensuse</a>)</p>","children":[{"content":"toot: <a href=\"https://fosstodon.org/@opensuse/112258240858019079\">Dive into what happened with the #XZ #backdoor.</a> (2024-04-12)","children":[],"payload":{"lines":"224,225"}},{"content":"post: <a href=\"https://news.opensuse.org/2024/04/12/learn-from-the-xz-backdoor/\">What we need to take away from the XZ Backdoor</a> (2024-04-12)","children":[],"payload":{"lines":"225,227"}}],"payload":{"lines":"223,227"}},{"content":"<p data-lines=\"227,228\">collected by Michael Tsai (<a href=\"https://mastodon.social/@mjtsai\">@mjtsai</a>)</p>","children":[{"content":"post: <a href=\"https://mjtsai.com/blog/2024/04/01/xz-backdoor/\">xz Backdoor</a> (2024-04-01+)","children":[],"payload":{"lines":"228,230"}}],"payload":{"lines":"227,230"}},{"content":"<p data-lines=\"230,231\">by <a href=\"https://lwn.net/\">LWN.net</a> community</p>","children":[{"content":"post: <a href=\"https://lwn.net/Articles/967180/\">A backdoor in xz</a> (2024-03-29)","children":[],"payload":{"lines":"231,232"}}],"payload":{"lines":"230,232"}},{"content":"<p data-lines=\"232,233\">by <a href=\"https://lobste.rs/\">Lobsters</a> community</p>","children":[{"content":"post: <a href=\"https://lobste.rs/s/uihyvs/backdoor_upstream_xz_liblzma_leading_ssh\">backdoor in upstream xz/liblzma leading to ssh server compromise</a> (2024-03-29)","children":[],"payload":{"lines":"233,234"}}],"payload":{"lines":"232,234"}},{"content":"<p data-lines=\"234,235\">by <a href=\"https://news.ycombinator.com/\">Hacker News</a> community</p>","children":[{"content":"post: <a href=\"https://news.ycombinator.com/item?id=39865810\">Backdoor in upstream xz/liblzma leading to SSH server compromise</a> (2024-03-29)","children":[],"payload":{"lines":"235,236"}},{"content":"post: <a href=\"https://news.ycombinator.com/item?id=39874404\">Xz: Can you spot the single character that disabled Linux landlock?</a> (2024-03-30)","children":[],"payload":{"lines":"236,237"}},{"content":"post: <a href=\"https://news.ycombinator.com/item?id=39895344\">Xzbot: Notes, honeypot, and exploit demo for the xz backdoor</a> (2024-04-01)","children":[],"payload":{"lines":"237,238"}}],"payload":{"lines":"234,238"}},{"content":"<p data-lines=\"238,239\">by <a href=\"https://old.reddit.com/r/linux/\">reddit r/linux</a> community</p>","children":[{"content":"post: <a href=\"https://old.reddit.com/r/linux/comments/1bqt999/backdoor_in_upstream_xzliblzma_leading_to_ssh/\">backdoor in upstream xz/liblzma leading to ssh server compromise</a> (2024-03-29)","children":[],"payload":{"lines":"239,240"}}],"payload":{"lines":"238,240"}}],"payload":{"lines":"184,185"}}],"payload":{"lines":"1,2"}},{"colorFreezeLevel":2,"maxWidth":1300})</script>
 </body>
 </html>