Email or username:

Password:

Forgot your password?
Mike Sheward

people are saying the xz backdoor is likely the work of a nation state actor, and given that it appears to been slow rolled for a couple of years and immediately became obsolete before it was fully launched - you do have to admit it bears the hallmarks of a government IT project

12 comments
HowToPhil (Phillip R)

@SecureOwl This is the best comment on this I have seen and will ever see! :)

Paul_IPv6

@SecureOwl

the only part missing is massively overpaying the implementer. :D

kurtsh

@paul_ipv6 @SecureOwl OMG that's so funny... and that's all before the scope creep beyond the initial RFP. 🀣

Andrew

@paul_ipv6 @SecureOwl sadly we may never find out if that happened or not.

But given they, hopefully, failed we do know they must have been overpaid. Unless payment was tied to successful delivery to the target(s).

Zac

@SecureOwl feels like someone testing the waters of how, and how quickly a slow burn attack like this is detected. I'd be willing to bet we see more of this, if they aren't already out there in the wild given this one was only discovered purely by chance.

Mike Sheward

@sloenthusiast yup, I’m sure there are plenty more lurking and to be lurked

The Doctor

@SecureOwl You are not wrong.

Can I quote you on that?

Paul Cantrell

@SecureOwl @marcan
It’s true! If this had been authored by the private sector, it would have been started and killed 6 times across 3 different teams, released before it was ready, then suddenly sold off and killed by a capricious C-level who heard that something else is the new hotness now.

Go Up