{"id":640,"date":"2024-04-03T14:36:08","date_gmt":"2024-04-03T14:36:08","guid":{"rendered":"https:\/\/www.stefan-wagenpfeil.de\/unkategorisiert\/ssh-library-hacked\/"},"modified":"2024-06-11T10:06:22","modified_gmt":"2024-06-11T10:06:22","slug":"ssh-library-hacked","status":"publish","type":"post","link":"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/","title":{"rendered":"SSH library Hacked!"},"content":{"rendered":"\n<p>That was close&#8230;<br\/>Last week a critical security hole was detected, and it reads almost like a thriller movie plot when you dive into the details. Luckily, it went almost unnoticed by the public. Here&#8217;s what happened:<\/p>\n\n<p>The setup:<br\/>&#8211; the SSH protocol (one of the most critical protocols on the internet) is used by administrators to access about 20 million servers in the world<br\/>&#8211; it relies on a software library called <a href=\"http:\/\/liblzma.so\/\">liblzma.so<\/a> contained in the open-source project XZ-tools<br\/>&#8211; XZ-tools is maintained by a single person on a voluntary basis (let&#8217;s call him Kevin)<\/p>\n\n<p>The plot:<br\/>&#8211; Kevin has a normal job and maintains the library in his free time<br\/>&#8211; for some reason, more and more requests are addressed to him, so that his workload is no longer manageable<br\/>&#8211; a new friend of Kevin&#8217;s offers support (let&#8217;s call this friend Joe). After two years, Kevin grants Joe considerable privileges in the build process of this library<br\/>&#8211; Joe integrates a backdoor into the build process, which allows him to grab login data when the library is used in the SSH context<br\/>&#8211; Joe did it in a way that allowed only him to use this backdoor. 
A NOBUS backdoor (nobody but us)<br\/>&#8211; once this library was shipped to production and distributed, Joe would have been able to access 20 million servers with admin privileges<\/p>\n\n<p>The hero:<br\/>&#8211; Andreas is a software developer who tested some software updates on his test system<br\/>&#8211; he discovered that, for unknown reasons, his login attempts took 500 milliseconds longer after updating the XZ-tools<br\/>&#8211; and he did not ignore this. Instead, he investigated further, decompiled XZ-tools, and detected the backdoor<br\/>&#8211; Andreas immediately reported it to authorities (ID CVE-2024-3094), forums, and vendors, so the backdoor could be removed before the XZ-tools update got shipped<\/p>\n\n<p>In the meantime, it seems clear that both Joe (the hacker) and the unusually many requests to Kevin were coordinated by a group of people, maybe even an intelligence service.<\/p>\n\n<p>I&#8217;m thrilled to watch this plot in a movie &#8211; not in a fiction movie, but in a documentary. Really scary&#8230; thanks to Andreas, we have a happy ending!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>That was close&#8230;.Last week a critical security hole was detected and it reads almost like a thriller movie plot, when you dive into the details. Luckily almost unknown from the public, here&#8217;s what happened: The setup:&#8211; the SSH protocol (one <span class=\"readmore\"><a href=\"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/\">Continue Reading<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,11,12],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SSH library Hacked! - Prof. Dr.-Ing. 
Stefan Wagenpfeil<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSH library Hacked! - Prof. Dr.-Ing. Stefan Wagenpfeil\" \/>\n<meta property=\"og:description\" content=\"That was close&#8230;.Last week a critical security hole was detected and it reads almost like a thriller movie plot, when you dive into the details. Luckily almost unknown from the public, here&#8217;s what happened: The setup:&#8211; the SSH protocol (one Continue Reading\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/\" \/>\n<meta property=\"og:site_name\" content=\"Prof. Dr.-Ing. Stefan Wagenpfeil\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-03T14:36:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-11T10:06:22+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/\",\"url\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/\",\"name\":\"SSH library Hacked! - Prof. Dr.-Ing. 
Stefan Wagenpfeil\",\"isPartOf\":{\"@id\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/#website\"},\"datePublished\":\"2024-04-03T14:36:08+00:00\",\"dateModified\":\"2024-06-11T10:06:22+00:00\",\"author\":{\"@id\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/#\/schema\/person\/ed92f1680d5c102ab0092d8214ca4bf8\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SSH library Hacked!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/#website\",\"url\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/\",\"name\":\"Prof. Dr.-Ing. 
Stefan Wagenpfeil\",\"description\":\"Software Engineering | IT-Management | Gutachter f\u00fcr Informatik\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/#\/schema\/person\/ed92f1680d5c102ab0092d8214ca4bf8\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/364447c30e0a86fe1a0790af9be5f43f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/364447c30e0a86fe1a0790af9be5f43f?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/smart-mmir.de\"],\"url\":\"https:\/\/www.stefan-wagenpfeil.de\/en\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SSH library Hacked! - Prof. Dr.-Ing. Stefan Wagenpfeil","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/","og_locale":"en_US","og_type":"article","og_title":"SSH library Hacked! - Prof. Dr.-Ing. Stefan Wagenpfeil","og_description":"That was close&#8230;.Last week a critical security hole was detected and it reads almost like a thriller movie plot, when you dive into the details. Luckily almost unknown from the public, here&#8217;s what happened: The setup:&#8211; the SSH protocol (one Continue Reading","og_url":"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/","og_site_name":"Prof. Dr.-Ing. 
Stefan Wagenpfeil","article_published_time":"2024-04-03T14:36:08+00:00","article_modified_time":"2024-06-11T10:06:22+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/","url":"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/","name":"SSH library Hacked! - Prof. Dr.-Ing. Stefan Wagenpfeil","isPartOf":{"@id":"https:\/\/www.stefan-wagenpfeil.de\/en\/#website"},"datePublished":"2024-04-03T14:36:08+00:00","dateModified":"2024-06-11T10:06:22+00:00","author":{"@id":"https:\/\/www.stefan-wagenpfeil.de\/en\/#\/schema\/person\/ed92f1680d5c102ab0092d8214ca4bf8"},"breadcrumb":{"@id":"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.stefan-wagenpfeil.de\/en\/latest-news\/ssh-library-hacked\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.stefan-wagenpfeil.de\/en\/"},{"@type":"ListItem","position":2,"name":"SSH library Hacked!"}]},{"@type":"WebSite","@id":"https:\/\/www.stefan-wagenpfeil.de\/en\/#website","url":"https:\/\/www.stefan-wagenpfeil.de\/en\/","name":"Prof. Dr.-Ing. 
Stefan Wagenpfeil","description":"Software Engineering | IT-Management | Gutachter f\u00fcr Informatik","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.stefan-wagenpfeil.de\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.stefan-wagenpfeil.de\/en\/#\/schema\/person\/ed92f1680d5c102ab0092d8214ca4bf8","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.stefan-wagenpfeil.de\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/364447c30e0a86fe1a0790af9be5f43f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/364447c30e0a86fe1a0790af9be5f43f?s=96&d=mm&r=g","caption":"admin"},"sameAs":["http:\/\/smart-mmir.de"],"url":"https:\/\/www.stefan-wagenpfeil.de\/en\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/posts\/640"}],"collection":[{"href":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/comments?post=640"}],"version-history":[{"count":1,"href":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/posts\/640\/revisions"}],"predecessor-version":[{"id":642,"href":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/posts\/640\/revisions\/642"}],"wp:attachment":[{"href":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/media?parent=640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/categories?post=640"},{"taxonomy":"post_tag","embeddable":true,"h
ref":"https:\/\/www.stefan-wagenpfeil.de\/en\/wp-json\/wp\/v2\/tags?post=640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}