Developer Tech

XZ attack reveals unlearned open-source security lessons

The XZ attack is a backdoor that reminds us our biggest open-source security threats are from decades of unlearned lessons.
Linux Journal

Linux File Compression: gzip, bzip2, and xz Unveiled

In the world of Linux, file compression is a routine yet critical task, serving the dual purpose of saving disk space and speeding up file transfers. With several compression tools at your disposal, ...
techzine

xz backdoor shows how vulnerable open-source is to hackers playing the long game

A security leak in the Linux compression tool xz shows open-source systems’ vulnerability to multi-year infiltration tactics by “trusted” contributors. In this case, the culprits added malicious code ...
GitHub

xz: (stdin): Unsupported type of integrity check; not verifying file integrity

It seems the root cause is the same: an outdated xz version that doesn't support the integrity check or options used in the Node.js tar.xz archives. Upgrading to xz 5.8.1 (or a version that supports ...
TechCrunch

How to make open source software more secure

Earlier this year, a Microsoft developer realized that someone had inserted a backdoor into the code of open source utility XZ Utils, which is used in virtually all Linux operating systems. The ...
NPR

The hack that almost broke the internet

Last month, the world narrowly avoided a cyberattack of stunning ambition. The targets were some of the most important computers on the planet. Computers that power the internet. Computers used by ...
ZDNet

XZ Utils might not have been the only sabotage target, open-source foundations warn

The XZ Utils backdoor (CVE-2024-3094) may not have been an isolated incident, according to a joint statement by the Open Source Security Foundation and the OpenJS Foundation. If you're unaware of the ...