My mastodon feed is full of IT security specialist talking about the xz affair where someone let a backdoor in some library.

But beside showing the two side of Free/Libre software (anybody can add a backdoor, and anybody can spot it), I have no idea how it impacts the average person. Is it a common library or something used only by specific application ? Would my home-grade router protects me ?

  • @[email protected]
    link
    fedilink
    19 months ago

    Thank you! I believe this is what the OP was asking, and it’s definitely what I wanted to know :)

    Do we know what the payload is?

    • @[email protected]
      link
      fedilink
      1
      edit-2
      9 months ago

      Arbitrary. It could be whatever they wanted at any time. This was a full on remote code execution (RCE) exploit. And baking it into an RSA key is pretty novel

      And you’re welcome :)