This is the original email by the person who discovered this backdoor. But if you want you can search for xz backdoor and you’ll find a lot more articles which explain timelines and other things.
https://www.openwall.com/lists/oss-security/2024/03/29/4
== Observing Impact on openssh server ==With the backdoored liblzma installed, logins via ssh become a lot slower.
time ssh nonexistant@...alhost
before:
nonexistant@...alhost: Permission denied (publickey).
before:
real0m0.299s
user0m0.202s
sys 0m0.006s
after:
nonexistant@...alhost: Permission denied (publickey).
real0m0.807s
user0m0.202s
sys 0m0.006s
Is there an article about that, I would like to read some more about this topic😊
This is the original email by the person who discovered this backdoor. But if you want you can search for xz backdoor and you’ll find a lot more articles which explain timelines and other things. https://www.openwall.com/lists/oss-security/2024/03/29/4
== Observing Impact on openssh server == With the backdoored liblzma installed, logins via ssh become a lot slower. time ssh nonexistant@...alhost before: nonexistant@...alhost: Permission denied (publickey). before: real 0m0.299s user 0m0.202s sys 0m0.006s after: nonexistant@...alhost: Permission denied (publickey). real 0m0.807s user 0m0.202s sys 0m0.006sThat’s a 500ms or 0.5s difference