emidio

joined 1 year ago
sorted by: new top controversial old
Meta AI is obsessed with turbans when generating images of Indian men in c/technology@lemmy.world
[–] emidio@lemmy.blahaj.zone 1 points 4 months ago

That looks just like the town Delft

Download xz Utils infected distro version in c/linux@lemmy.ml
[–] emidio@lemmy.blahaj.zone 10 points 4 months ago

Yes, indeed the backdoor code checks, in the event of ssh authentication with a certificate, that it was signed with a specific ssh private key (their own CA), the corresponding public key being hardcoded in the backdoor code.

But this project xzbot demonstrates how to patch the corrupted liblzma to replace the key

Download xz Utils infected distro version in c/linux@lemmy.ml
[–] emidio@lemmy.blahaj.zone 7 points 4 months ago* (last edited 4 months ago) (1 children)

Oh thank you so much for these instructions I'll go through them on my computer.

I indeed wanted to know if the versions were still downloadable anywhere but if you can still install the correct liblzma version on any version of the distribution that works. I tried on a Debian VM on mac but with too little knowledge and it never run the correct liblzma

xzbot from Anthony Weems enables to patch the corrupted liblzma to change the private key used to compare it to the signed ssh certificate, so adding this to your instructions might enable me to demonstrate sshing into the VM :)

39
Download xz Utils infected distro version (lemmy.blahaj.zone)
 

Hi ! I want to demo the backdoor usage and would like to install a unstable/test version of a distribution (possibly Debian or Fedora) that had the backdoor (v5.6.0 or 5.6.1 of xz/liblzma and patched openssh for systemd notification)

How could I do that?

I will be using xzbot from amlweems to further patch liblzma but I want a distro that has openssh run by systemd that links to the correct liblzma version

Thank you!