XZ Utils backdoor, the Glossary

On 29 March 2024, software developer Andres Freund reported that he had found a maliciously introduced backdoor in the Linux utility xz, within the liblzma library, in versions 5.6.0 and 5.6.1, released by an account using the name "Jia Tan" in February 2024.[1]

Table of Contents

  1. 45 relations: Advanced persistent threat, Alex Stamos, Arbitrary code execution, Authentication protocol, Backdoor (computing), Canonical (company), Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Cozy Bear, Cyberinfrastructure, Cybersecurity and Infrastructure Security Agency, Dave Aitel, Debian, Dpkg, EdDSA, Exploit (computer security), Foreign Intelligence Service (Russia), Git, GitHub, Glibc, GNU Compiler Collection, Linux distribution, M4 (computer language), Master keying, National Vulnerability Database, OpenSSH, Openwall Project, Operations security, Patch (computing), PostgreSQL, Red Hat, Remote access service, RPM Package Manager, Russia, Secure Shell, Sock puppet account, Software release life cycle, SUSE S.A., Systemd, Tar (computing), Upstream (software development), Valgrind, X86-64, Xkcd, XZ Utils.

  2. 2024 in computing
  3. Kleptography
  4. March 2024 events
  5. Trojan horses

Advanced persistent threat

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.

See XZ Utils backdoor and Advanced persistent threat

Alex Stamos

Alex Stamos is an American computer scientist and adjunct professor at Stanford University's Center for International Security and Cooperation.

See XZ Utils backdoor and Alex Stamos

Arbitrary code execution

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process.

See XZ Utils backdoor and Arbitrary code execution

Authentication protocol

An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities.

See XZ Utils backdoor and Authentication protocol

Backdoor (computing)

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a "homunculus computer"—a tiny computer-within-a-computer such as that found in Intel's AMT technology).

See XZ Utils backdoor and Backdoor (computing)

Canonical (company)

Canonical Ltd. is a privately held computer software company based in London, England.

See XZ Utils backdoor and Canonical (company)

Common Vulnerabilities and Exposures

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. XZ Utils backdoor and Common Vulnerabilities and Exposures are both categorized under computer security exploits.

See XZ Utils backdoor and Common Vulnerabilities and Exposures

Common Vulnerability Scoring System

The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.

See XZ Utils backdoor and Common Vulnerability Scoring System

Cozy Bear

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia.

See XZ Utils backdoor and Cozy Bear

Cyberinfrastructure

United States federal research funders use the term cyberinfrastructure to describe research environments that support advanced data acquisition, data storage, data management, data integration, data mining, data visualization and other computing and information processing services distributed over the Internet beyond the scope of a single institution.

See XZ Utils backdoor and Cyberinfrastructure

Cybersecurity and Infrastructure Security Agency

The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.

See XZ Utils backdoor and Cybersecurity and Infrastructure Security Agency

Dave Aitel

Dave Aitel (born 1976) is a computer security professional.

See XZ Utils backdoor and Dave Aitel

Debian

Debian, also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software and optionally non-free firmware or software developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993.

See XZ Utils backdoor and Debian

Dpkg

dpkg is the software at the base of the package management system in the free operating system Debian and its numerous derivatives.

See XZ Utils backdoor and Dpkg

EdDSA

In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves.

See XZ Utils backdoor and EdDSA

Exploit (computer security)

An exploit (from the English verb to exploit, meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). XZ Utils backdoor and Exploit (computer security) are both categorized under computer security exploits.

See XZ Utils backdoor and Exploit (computer security)

Foreign Intelligence Service (Russia)

The Foreign Intelligence Service of the Russian Federation, or FIS RF, is Russia's external intelligence agency, focusing mainly on civilian affairs.

See XZ Utils backdoor and Foreign Intelligence Service (Russia)

Git

Git is a distributed version control system that tracks versions of files.

See XZ Utils backdoor and Git

GitHub

GitHub is a developer platform that allows developers to create, store, manage and share their code.

See XZ Utils backdoor and GitHub

Glibc

The GNU C Library, commonly known as glibc, is the GNU Project implementation of the C standard library.

See XZ Utils backdoor and Glibc

GNU Compiler Collection

The GNU Compiler Collection (GCC) is a collection of compilers from the GNU Project that support various programming languages, hardware architectures and operating systems.

See XZ Utils backdoor and GNU Compiler Collection

Linux distribution

A Linux distribution (often abbreviated as distro) is an operating system made from a software collection that includes the Linux kernel and often a package management system.

See XZ Utils backdoor and Linux distribution

M4 (computer language)

m4 is a general-purpose macro processor included in most Unix-like operating systems, and is a component of the POSIX standard.

See XZ Utils backdoor and M4 (computer language)

Master keying

A master key operates a set of several locks.

See XZ Utils backdoor and Master keying

National Vulnerability Database

The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).

See XZ Utils backdoor and National Vulnerability Database

OpenSSH

OpenSSH (also known as OpenBSD Secure Shell) is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.

See XZ Utils backdoor and OpenSSH

Openwall Project

The Openwall Project is a source for various software, including Openwall GNU/*/Linux (Owl), a security-enhanced Linux distribution designed for servers.

See XZ Utils backdoor and Openwall Project

Operations security

Operations security (OPSEC) is a process that identifies critical information to determine whether friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.

See XZ Utils backdoor and Operations security

Patch (computing)

A patch is data that is intended to be used to modify an existing software resource such as a program or a file, often to fix bugs and security vulnerabilities.

See XZ Utils backdoor and Patch (computing)

PostgreSQL

PostgreSQL, also known as Postgres, is a free and open-source relational database management system (RDBMS) emphasizing extensibility and SQL compliance.

See XZ Utils backdoor and PostgreSQL

Red Hat

Red Hat, Inc. (formerly Red Hat Software, Inc.) is an American software company that provides open source software products to enterprises and is a subsidiary of IBM.

See XZ Utils backdoor and Red Hat

Remote access service

A remote access service (RAS) is any combination of hardware and software that enables remote access to tools or information that typically reside on a network of IT devices.

See XZ Utils backdoor and Remote access service

RPM Package Manager

RPM Package Manager (RPM) (originally Red Hat Package Manager, now a recursive acronym) is a free and open-source package management system.

See XZ Utils backdoor and RPM Package Manager

Russia

Russia, or the Russian Federation, is a country spanning Eastern Europe and North Asia.

See XZ Utils backdoor and Russia

Secure Shell

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.

See XZ Utils backdoor and Secure Shell

Sock puppet account

A sock puppet is a false online identity used for deceptive purposes.

See XZ Utils backdoor and Sock puppet account

Software release life cycle

The software release life cycle is the process of developing, testing, and distributing a software product (e.g., an operating system).

See XZ Utils backdoor and Software release life cycle

SUSE S.A.

SUSE S.A. is a Luxembourgish multinational open-source software company that develops and sells Linux products to business customers.

See XZ Utils backdoor and SUSE S.A.

Systemd

systemd is a software suite that provides an array of system components for Linux operating systems.

See XZ Utils backdoor and Systemd

Tar (computing)

In computing, tar is a computer software utility for collecting many files into one archive file, often referred to as a tarball, for distribution or backup purposes.

See XZ Utils backdoor and Tar (computing)

Upstream (software development)

In software development, when software has been forked or uses a chain of libraries/dependencies, upstream refers to an issue that occurs in software related to the chain.

See XZ Utils backdoor and Upstream (software development)

Valgrind

Valgrind is a programming tool for memory debugging, memory leak detection, and profiling.

See XZ Utils backdoor and Valgrind

X86-64

x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit version of the x86 instruction set, first announced in 1999.

See XZ Utils backdoor and X86-64

Xkcd

xkcd, sometimes styled XKCD, is a webcomic created in 2005 by American author Randall Munroe.

See XZ Utils backdoor and Xkcd

XZ Utils

XZ Utils (previously LZMA Utils) is a set of free software command-line lossless data compressors, including the programs lzma and xz, for Unix-like operating systems and, from version 5.0 onwards, Microsoft Windows.

See XZ Utils backdoor and XZ Utils

See also

2024 in computing

Kleptography

March 2024 events

Trojan horses

References

[1] https://en.wikipedia.org/wiki/XZ_Utils_backdoor

Also known as Andres Freund, CVE-2024-3094, Jia Tan, Jia Tan (developer), JiaT75, Jigar Kumar, Krygorin4545, Misoeater91, SSH backdoor (XZ Utils), SSH backdoor (XZ), SSH backdoor in XZ, SSH backdoor in XZ Utils, SSHd backdoor (XZ Utils), SSHd backdoor (XZ), SSHd backdoor in XZ, SSHd backdoor in XZ Utils, XZ Backdoor, XZ SSH backdoor, XZ SSHd backdoor, XZ Utils SSH backdoor, XZ Utils SSHd backdoor, XZ Utils backdoor for SSH, XZ Utils backdoor for SSHd, XZ backdoor for SSH, XZ backdoor for SSHd.