the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n

Strangely enough, my interest in Windows only lasted a day. Not sure what changed, but if I had to guess, it would be having to use (or rather, be used by) the new Outlook.

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-)

github.com/amlweems/xzbot

This is my favorite vim talk of all time. I've watched it several times, generated my own cheatsheet from it, and have recommended it to several others. It was instrumental at a foundational level for me and has set me up for years of great vim usage.

youtu.be/E-ZbrtoSuzw?si…

oh man have you guys seen this?! I can chat with people, share files, and see my calendar. Plus it installed itself. Didn't have to do anything. 😍😍😍 Feeling really intune with Windows. Time to add my face to Hello.

It's been a long time in coming, but the whole xz thing finally pushed me over. Sigh... goodbye linux.

xz - 'Security through antiquity.' 😂

-- scot berner

Back Door

Hat tip to Mitre. Well played. 😂

attack.mitre.org/full-coverage.…

Jesus is alive! Happy Resurrection Sunday! ✝️

Not all heroes wear capes. Some benchmark their ssh connections.

We are really fortunate this was caught before being committed to Debian based distros (👀 AWS). Very good reasons to be restricting incoming SSH at the firewall/security group level.

Can he get you one of these then?: msrc.microsoft.com/update-guide/r…

The xz package tar's were backdoored. Only discovered because the backdoor slowed down sshd enough for Andres Freund to investigate.

Consider the case where the backdoor didn't cause perf issues... How long would this have gone undetected?

openwall.com/lists/oss-secu…

Did you know that most of the O365 password spraying tools are giving (not after today) the wrong output for the error AADSTS50079?

AADSTS50079 has changed the meaning over the years from Microsoft and does not longer mean that MFA is in use, it actually means that MFA must be…

We have a chicken that lays eggs without shells. Not sure what to make of it. Yes it's a real egg. Yes it tastes fine. Just... no shell.

Really sorry, I should have mentioned, we are looking US/UK Sr level operator. You all in my DMs are some incredibly smart people! I would hire you all if I could, but if you hear back a 'not at this time' from me, please receive it well (I'll give feedback if you ask).

The YouTube suggestion bar is an absolute time suck.

Block it using a custom uBlock Origin filter entry:

youtube.com## #secondary