😟 Security Experts Terrified By SSH Vulnerability. Here’s What We Know

Tom Smykowski
8 min readApr 3, 2024

The vulnerability triggered in SSH can allow hackers to take over servers. Security experts are terrified. It’s possible the attack took over two years, required a lot of resources and technical skills

For the last week, everyone is talking about the vulnerability triggered in SSH. Usually the descriptions of it are quite complicated. Is it just another hole in some random app? If so, why cybersecurity are so concerned about this one, and online forums are full of terrified security experts? Let’s find out!

As we can read on wiz.io, a backdoor was found in versions 5.6.0 and 5.6.1 of xz utils that impacted SSH. As we can read, xz it is a command line compression tool that consists of lzma and xz and impacted SSH.

I was able to write this article, because people read it on Medium

On Friday, 29 March, 2024, Andres Freund send an email to Openwall mailing list. A mailing list is like Discord for tech savvy people, while Openwall is a project to secure open source code.

It’s there where Andres shares his troubling findings.

The Server Takeoff

--

--

Tom Smykowski
Tom Smykowski

Written by Tom Smykowski

Software Engineer & Tech Editor. Top 2% on StackOverflow, 3mil views on Quora. Won Shattered Pixel Dungeon.