EPISODE · Apr 10, 2024 · 45 MIN
The XZ Apocalypse
from Picture Me Coding · host Erik Aker and Mike Mull
A week ago a developer in San Francisco named Andres Freund found a backdoor in SSH which would grant some shadowy figure access to Linux machines running the latest version of a library called liblzma. Even more incredibly, there were various semi-anonymous figures clamoring for inclusion of this compromised version of liblzma into the latest version of various Linux distros. This entire scheme had been underway for over three years before it fell apart under Freund's scrutiny and attention from the broader software industry.This week Mike gives us a breakdown of the exploit and we talk about the fallout from this backdoor which took advantage of an overworked and vulnerable open-source maintainer. As Mike puts it, the story is "bonkers".To read more about it, check out these articles: The Verge: “How one volunteer stopped a backdoor from exposing Linux systems worldwide” Wired: “The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind” TuxCare: “A Deep Dive on the xz Compromise” Timeline from Boehs.org: https://boehs.org/node/everything-i-know-about-the-xz-backdoorSend us Fan Mail
What this episode covers
A week ago a developer in San Francisco named Andres Freund found a backdoor in SSH which would grant some shadowy figure access to Linux machines running the latest version of a library called liblzma. Even more incredibly, there were various semi-anonymous figures clamoring for inclusion of this compromised version of liblzma into the latest version of various Linux distros. This entire scheme had been underway for over three years before it fell apart under Freund's scrutiny a...
NOW PLAYING
The XZ Apocalypse
No transcript for this episode yet
Similar Episodes
Mar 3, 2026 ·44m
Feb 21, 2026 ·30m
Dec 17, 2025 ·30m
Dec 11, 2025 ·26m
Dec 11, 2025 ·29m
Dec 11, 2025 ·33m