{"guid":"6581441d-1b85-5e3c-a16b-0434aa9d3b61","title":"Common Code \u003c\u003e Different Backdoors","subtitle":null,"slug":"gpn22-304-common-code-different-backdoors","link":"https://cfp.gulas.ch/gpn22/talk/8MKMDL/","description":"At the end of March '24, a backdoor was discovered by chance in the widely used open source library xz-utils, which is used, among other places, in the ssh server of modern Linux distributions. This vulnerability was prepared and planted over a multi-year process. Both human weakness and fundamental organizational and technical problems in the collaboration around open source development were exploited to do so. \nThis talk will report on the multi-year preparation and implementation of the vulnerability, and will also shed light on some open questions and possible consequences.\nWhy is the Internet built on libraries that individual maintainers tinker on in their spare time? Is there a fundamental security problem in the use of open source software? Could AI be the solution?\n\nslides:\nhttps://gitlab.com/cy4n/talk-backdoorxz_pub/-/blob/main/xz_gpn.pdf","original_language":"deu","persons":["cy"],"tags":["gpn22","304","2024","Security"],"view_count":399,"promoted":false,"date":"2024-05-30T19:45:00.000+02:00","release_date":"2024-05-31T00:00:00.000+02:00","updated_at":"2026-04-10T13:30:06.214+02:00","length":3715,"duration":3715,"thumb_url":"https://static.media.ccc.de/media/events/gpn/gpn22/304-6581441d-1b85-5e3c-a16b-0434aa9d3b61.jpg","poster_url":"https://static.media.ccc.de/media/events/gpn/gpn22/304-6581441d-1b85-5e3c-a16b-0434aa9d3b61_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/gpn/gpn22/304-6581441d-1b85-5e3c-a16b-0434aa9d3b61.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/gpn/gpn22/304-6581441d-1b85-5e3c-a16b-0434aa9d3b61.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/gpn22-304-common-code-different-backdoors","url":"https://api.media.ccc.de/public/events/6581441d-1b85-5e3c-a16b-0434aa9d3b61","conference_title":"Gulaschprogrammiernacht 
22","conference_url":"https://api.media.ccc.de/public/conferences/gpn22","related":[],"recordings":[{"size":857,"length":3715,"mime_type":"video/webm","language":"deu","filename":"gpn22-304-deu-Common_Code_Different_Backdoors_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-05-31T23:10:31.522+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn22/webm-hd/gpn22-304-deu-Common_Code_Different_Backdoors_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/77440","event_url":"https://api.media.ccc.de/public/events/6581441d-1b85-5e3c-a16b-0434aa9d3b61","conference_url":"https://api.media.ccc.de/public/conferences/gpn22"},{"size":219,"length":3715,"mime_type":"video/webm","language":"deu","filename":"gpn22-304-deu-Common_Code_Different_Backdoors_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2024-05-31T13:17:06.580+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn22/webm-sd/gpn22-304-deu-Common_Code_Different_Backdoors_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/77327","event_url":"https://api.media.ccc.de/public/events/6581441d-1b85-5e3c-a16b-0434aa9d3b61","conference_url":"https://api.media.ccc.de/public/conferences/gpn22"},{"size":56,"length":3715,"mime_type":"audio/mpeg","language":"deu","filename":"gpn22-304-deu-Common_Code_Different_Backdoors_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2024-05-31T11:27:03.075+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn22/mp3/gpn22-304-deu-Common_Code_Different_Backdoors_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/77295","event_url":"https://api.media.ccc.de/public/events/6581441d-1b85-5e3c-a16b-0434aa9d3b61","conference_url":"https://api.media.ccc.de/public/conferences/gpn22"},{"size":34,"length":3715,"mime_type":"audio/opus","language":"deu","filename":"gpn22-304-deu-Commo
n_Code_Different_Backdoors_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2024-05-31T11:26:45.220+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn22/opus/gpn22-304-deu-Common_Code_Different_Backdoors_opus.opus","url":"https://api.media.ccc.de/public/recordings/77294","event_url":"https://api.media.ccc.de/public/events/6581441d-1b85-5e3c-a16b-0434aa9d3b61","conference_url":"https://api.media.ccc.de/public/conferences/gpn22"},{"size":186,"length":3715,"mime_type":"video/mp4","language":"deu","filename":"gpn22-304-deu-Common_Code_Different_Backdoors_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2024-05-31T11:25:53.242+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn22/h264-sd/gpn22-304-deu-Common_Code_Different_Backdoors_sd.mp4","url":"https://api.media.ccc.de/public/recordings/77293","event_url":"https://api.media.ccc.de/public/events/6581441d-1b85-5e3c-a16b-0434aa9d3b61","conference_url":"https://api.media.ccc.de/public/conferences/gpn22"},{"size":818,"length":3715,"mime_type":"video/mp4","language":"deu","filename":"gpn22-304-deu-Common_Code_Different_Backdoors_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-05-31T10:53:18.974+02:00","recording_url":"https://cdn.media.ccc.de/events/gpn/gpn22/h264-hd/gpn22-304-deu-Common_Code_Different_Backdoors_hd.mp4","url":"https://api.media.ccc.de/public/recordings/77291","event_url":"https://api.media.ccc.de/public/events/6581441d-1b85-5e3c-a16b-0434aa9d3b61","conference_url":"https://api.media.ccc.de/public/conferences/gpn22"}]}