cid:
"bafyreifrxesmeekzkohzxlapcmwciy6ak5jfuujrobtsjaxirbxixgukyq"
value:
text:
"I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission. The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It's RCE, not auth bypass, and gated/unreplayable."
$type:
"app.bsky.feed.post"
embed:
$type:
"app.bsky.embed.record"
record:
cid:
"bafyreia2zu7geoeqiunjb3yjvc64oa5ws5ejhp7url6aszcrxy3zcu62py"
langs:
"en"
createdAt:
"2024-03-30T17:13:58.474Z"