HACKERS HACKED LINUX: XZ BACDOOR!!
HTML-код
- Опубликовано: 7 апр 2024
- // Description
____
Hi everyone, I am zilox and this video is about latest XZ backdoor. XZ backdoor is a critical security flaw. This backdoor was implanted by "Jia Tan", who worked in XZ utils project for years. I have described more about this backdoor in description and how you can found and remove this backdoor from your system. I have told you how you can find xz vulnerability and how you can run a xz vulnerability scan. xz vulnerability scanning is very easy process shared in this video. Moreover, liblzma a library for Xz tool Is also discussed in this video.
------------------------------------------------------------------------
---- Like && Subscribe ----
// Links
🚀🚀 Instagram: shorturl.at/adJV1
😎 Second Channel: shorturl.at/afMQ4
------------------------------------------------------------------------
// Tags
#xz_backdoor #xz_vulnerbility #linux_security #linux #linux_hack #xz
------------------------------------------------------------------------ Наука
don't use "xz --version". use the version display of your OS's package manager instead!!
its the same as trying to execute a virus with "--help" - you will execute it nonetheless.
edit: purge old packages, too. we dont need a backdoor in the cached backups.
You clearly have no idea what you are doing right?
Can you please remove that bad word, I wanna pin your comment
@@z1l0x Done.
@@skyracer-mk8hg I am on Arch. Does this answer your question? "pacman -Q xz liblzma" outputs the same as "xz --version".
Well, yes and no. This falls into the category of literally false, metaphorically true. An example: "Porcupines can throw their quills if agitated". No, no they can't, but the quills are dangerous so if you behave as if they can throw them and keep some distance you are better off. The same applies here. The malicious code, as far as we know, only subverts sshd authentication when supplied with one specific private key, but because we know this utility has _some_ malicious code we should treat it as if it is a virus or trojan or something worse and not arbitrarily execute it.
No it didn't.🙃
China strikes again. Most of Jia Tan's uploads coincide with the chinese timezone.
it's too obvious. anyone planning this attack for this length of time is aware that their active hours will be tracked.
@@nidavishey guys I found the CCP agent!!!!!
`rekt` you mean? But at least "the system works" ? And I can't even take credit for open source too hard, because … a Microsoft developer! "The ecosystem works" ? "Society" ? "The goodness of humanity" ?
remove xz ? umm that wiill break a lot of things lol
As a 7z user I feel superior
ehh IKWYM but sadly the world of shared libraries means this is irrelevant, as I hope you knew, and isn't relevant to your point
I still want to interview Igor Pavlov about this
7zip, you mean the file format that uses LZMA2 (XZ) compression?
Parrot os is best❤