Jeffrey Vagle
As March gave way to April, the cybersecurity community was abuzz with the news that liblzma, a component of the xz open source data compression utility, had been hijacked as a vehicle for code that could create a backdoor into computers that installed and ran the software. It’s likely that you’ve never heard of liblzma or xz, nor spend much time thinking about software compression utilities. But whether you know it or not, you may have actually installed and used xz through its inclusion in other software tools, as is the case with many obscure open source software packages, and that’s a problem for cybersecurity.
No comments:
Post a Comment