Russ Cox 4/2/2024

Timeline of the xz open source attack

Read Original

This article provides a chronological breakdown of the sophisticated social engineering attack on the xz open-source compression library. It details how an attacker, under the pseudonym "Jia Tan," gained trust and commit access over two years to insert a hidden backdoor into liblzma, affecting OpenSSH on several Linux distributions. The post analyzes the attack's progression from 2021 to its discovery in 2024, marking it as a significant watershed moment for open-source software supply chain security.

0 comments
#open source #ssh #Supply Chain Security
Timeline of the xz open source attack

Comments

No comments yet

Be the first to share your thoughts!

Browser Extension

Get instant access to AllDevBlogs from your browser

Top of the Week

1
Quoting Thariq Shihipar
Simon Willison 2 votes
2
Using Browser Apis In React Practical Guide
Jivbcoop 2 votes
3
Better react-hook-form Smart Form Components
Maarten Hus 2 votes
4
Top picks — 2026 January
Paweł Grzybek 1 votes
5
In Praise of –dry-run
Henrik Warne 1 votes
6
Deep Learning is Powerful Because It Makes Hard Things Easy - Reflections 10 Years On
Ferenc Huszár 1 votes
7
Vibe coding your first iOS app
William Denniss 1 votes
8
AGI, ASI, A*I – Do we have all we need to get there?
John D. Cook 1 votes
9
Dew Drop – January 15, 2026 (#4583)
Alvin Ashcraft 1 votes