Backdoor in upstream xz/liblzma leading to ssh server compromise - eviltoast
  • TechNom (nobody)@programming.dev
    7 months ago

    The hack is still not fully understood and is being analyzed. It doesn’t help that GitHub suspended everything, including the original maintainer’s account (who is believed to be a victim of social engineering).

    Anyway, you will eventually see a post mortem. I’m willing to bet that it’s going to be as phenomenal as the hack itself. The case and its investigation are going to be a classic case study for all security researchers and security-minded users. Anyway, I doubt that the attackers will ever be found. Jia Tan, Jigar Kumar and others are going to remain as ghosts like Satoshi Nakamoto.