Some Relief For Linux Admins Living In Terror Of The XZ Backdoor

Source: Bleeping Computer

Binarly’s Scanner Will Reduce The Time You Spend Hunting As Well As False Positives

Thanks to a curious and technically skilled engineer by the name of Andres Freund, Linux admins are living in a bit of a nightmare world. He discovered a backdoor in the XZ Utils package, which contains a number of tools and libraries at the heart of many Linux distros. In general the solution has been to remain on the previous version of XZ Utils, as the 5.4.6 Stable version does not have this flaw. However, those that did upgrade to XZ version 5.6.0 or 5.6.1 have needed to do a hands-on search through byte strings, file hashes and other techniques to detect what is vulnerable on their systems.
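As a first triage step before any deeper hunting, the version check can be scripted. The sketch below is an added example, not code from Bleeping Computer or Binarly; the function name and the sample outputs are constructed for illustration, and a version match only shows that a host installed one of the two releases named above, not that it was compromised.

```shell
#!/bin/sh
# Added example: flag `xz --version` output that reports 5.6.0 or 5.6.1,
# the two releases the article names as carrying the backdoor.
# classify_xz_output is a hypothetical helper name.

# Constructed samples in the format `xz --version` prints.
SAMPLE_CLEAN='xz (XZ Utils) 5.4.6
liblzma 5.4.6'
# The xz binary and liblzma can report different versions, so check both lines.
SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.1'

# Prints one of: "affected <version>", "not-listed", "unknown".
# Always returns 0 so it is safe to call under `set -e`.
classify_xz_output() {
    # Pull every x.y.z token out of the text; greedy matching keeps
    # a string such as 5.6.10 from being mistaken for 5.6.1.
    versions=$(printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | sort -u)
    if [ -z "$versions" ]; then
        echo "unknown"
        return 0
    fi
    for v in $versions; do
        case "$v" in
            5.6.0|5.6.1)
                echo "affected $v"
                return 0
                ;;
        esac
    done
    echo "not-listed"
    return 0
}

# Check the live system when xz is installed, otherwise show the samples.
if command -v xz >/dev/null 2>&1; then
    echo "this host: $(classify_xz_output "$(xz --version 2>/dev/null)")"
else
    echo "sample clean: $(classify_xz_output "$SAMPLE_CLEAN")"
    echo "sample mixed: $(classify_xz_output "$SAMPLE_MIXED")"
fi
```

A "not-listed" result says nothing about other binaries on the host, which is the gap the scanner described next is meant to cover.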

Enter Binarly, who have designed a tool that automatically detects the XZ backdoor by analyzing your binaries to identify tampering with transitions in GNU Indirect Functions. This should not only reduce the amount of time you spend searching your systems for vulnerabilities but also be more accurate than a manual process. It also scans beyond just XZ Utils, to detect whether you have already been penetrated and attackers have already turned some of your other utilities into backdoors.

You can read more about what the tool does at Bleeping Computer, or just head straight to xz.fail to start securing your systems.

Late last month, Microsoft engineer Andres Freund discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
