Bibliographic Details
Main Authors: Lins, Mario, Mayrhofer, René, Roland, Michael, Hofer, Daniel, Schwaighofer, Martin
Format: Preprint
Published: 2024
Subjects: Cryptography and Security
Online Access: https://arxiv.org/abs/2404.08987
_version_ 1866917639076446208
author Lins, Mario
Mayrhofer, René
Roland, Michael
Hofer, Daniel
Schwaighofer, Martin
author_facet Lins, Mario
Mayrhofer, René
Roland, Michael
Hofer, Daniel
Schwaighofer, Martin
contents An emerging supply-chain attack due to a backdoor in XZ Utils has been identified. The backdoor allows an attacker to run commands remotely on vulnerable servers utilizing SSH without prior authentication. We have started to collect available information with regards to this attack to discuss current mitigation strategies for such kinds of supply-chain attacks. This paper introduces the critical attack path of the XZ backdoor and provides an overview about potential mitigation techniques related to relevant stages of the attack path.
format Preprint
id arxiv_https___arxiv_org_abs_2404_08987
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle On the critical path to implant backdoors and the effectiveness of potential mitigation techniques: Early learnings from XZ
Lins, Mario
Mayrhofer, René
Roland, Michael
Hofer, Daniel
Schwaighofer, Martin
Cryptography and Security
An emerging supply-chain attack due to a backdoor in XZ Utils has been identified. The backdoor allows an attacker to run commands remotely on vulnerable servers utilizing SSH without prior authentication. We have started to collect available information with regards to this attack to discuss current mitigation strategies for such kinds of supply-chain attacks. This paper introduces the critical attack path of the XZ backdoor and provides an overview about potential mitigation techniques related to relevant stages of the attack path.
title On the critical path to implant backdoors and the effectiveness of potential mitigation techniques: Early learnings from XZ
topic Cryptography and Security
url https://arxiv.org/abs/2404.08987