Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2404.08987 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866917639076446208 |
|---|---|
| author | Lins, Mario Mayrhofer, René Roland, Michael Hofer, Daniel Schwaighofer, Martin |
| author_facet | Lins, Mario Mayrhofer, René Roland, Michael Hofer, Daniel Schwaighofer, Martin |
| contents | An emerging supply-chain attack due to a backdoor in XZ Utils has been identified. The backdoor allows an attacker to run commands remotely on vulnerable servers utilizing SSH without prior authentication. We have started to collect available information with regards to this attack to discuss current mitigation strategies for such kinds of supply-chain attacks. This paper introduces the critical attack path of the XZ backdoor and provides an overview about potential mitigation techniques related to relevant stages of the attack path. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2404_08987 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | On the critical path to implant backdoors and the effectiveness of potential mitigation techniques: Early learnings from XZ Lins, Mario Mayrhofer, René Roland, Michael Hofer, Daniel Schwaighofer, Martin Cryptography and Security An emerging supply-chain attack due to a backdoor in XZ Utils has been identified. The backdoor allows an attacker to run commands remotely on vulnerable servers utilizing SSH without prior authentication. We have started to collect available information with regards to this attack to discuss current mitigation strategies for such kinds of supply-chain attacks. This paper introduces the critical attack path of the XZ backdoor and provides an overview about potential mitigation techniques related to relevant stages of the attack path. |
| title | On the critical path to implant backdoors and the effectiveness of potential mitigation techniques: Early learnings from XZ |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2404.08987 |