Letter Of Marque

The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone to work on the code, and we have a much better idea of what the injected payload does.

One of the first findings to note is that the backdoor doesn’t allow a user to log in over SSH. Instead, when an SSH request is signed with the right authentication key, one of the certificate fields is decoded and executed via a system() call. And this makes perfect sense. An SSH login leaves an audit trail, while this backdoor is obviously intended to be silent and secret.

It’s interesting to note that this code made use of both autotools macros, and the GNU ifunc, or Indirect FUNCtions. That’s the nifty feature where a binary can include different versions of a function, each optimized for a different processor instruction set. The right version of the function gets called at runtime. Or in this case, the malicious version of that function gets hooked in to execution by a malicious library. Continue reading “This Week In Security: XZ, ATT, And Letters Of Marque” →

Hackaday

1 Articles

This Week In Security: XZ, ATT, And Letters Of Marque

Search

Never miss a hack

If you missed it

My Space

NASA Is Now Tasked With Developing A Lunar Time Standard, Relativity Or Not

VAR Is Ruining Football, And Tech Is Ruining Sport

Mining And Refining: Uranium And Plutonium

Programming Ada: First Steps On The Desktop

Our Columns

Hackaday Links: May 5, 2024

Tool-Building Mammals

Hackaday Podcast Episode 269: 3D Printed Flexure Whegs, El Cheapo Bullet Time, And A DIY Cell Phone Sniffer

This Week In Security: Default Passwords, Lock Slapping, And Mastodown

FLOSS Weekly Episode 781: Resistant To The Wrath Of God

Search

Never miss a hack

Subscribe

If you missed it

Our Columns