@nemobis
nemobis / xz-backdoor.md
Created April 1, 2024 10:16 — forked from thesamesam/xz-backdoor.md
xz-utils backdoor situation

FAQ on the xz-utils backdoor

This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless. Unknown unknowns are safer than known unknowns.

This is a living document. Everything in this document is written in good faith to be accurate, but like I just said, we don't know much about what's going on.

<html xmlns:xxt="http://www.jclark.com/xt/java/com.macromedia.airspeed.servlet.ui.XSLTExtensions">
<head>
<title>THA_250117</title>
<script type="text/javascript" src="/common/scripts/s_code.js?ver=9.5.3"></script><script type="text/javascript" src="/common/scripts/OmnitureTracker.js?ver=9.5.3"></script><script type="text/javascript" src="/common/scripts/modalDialog/jquery-1.7.1.js?ver=9.5.3" charset="utf-8"></script><script type="text/javascript">
var useUASniffing = false;
function setUASniffing(value) {
useUASniffing = value;
}
</script><script>
var isReview = 'false';
$ pidgin -d
(10:10:41) prefs: Reading /home/federico/.purple/prefs.xml
(10:10:41) prefs: Finished reading /home/federico/.purple/prefs.xml
(10:10:41) prefs: purple_prefs_get_path: Unknown pref /pidgin/browsers/command
(10:10:41) dbus: okkk
(10:10:41) plugins: probing /usr/lib64/pidgin/timestamp_format.so
(10:10:41) plugins: probing /usr/lib64/pidgin/spellchk.so
(10:10:41) plugins: probing /usr/lib64/pidgin/sendbutton.so
(10:10:41) plugins: probing /usr/lib64/pidgin/vvconfig.so
(10:10:41) plugins: probing /usr/lib64/pidgin/timestamp.so
@nemobis
nemobis / test.log
Created January 22, 2015 18:57
https-everywhere]$ ./test.sh (c5523ad983abf153c22fd5a47acdfdea7708bdde)
https-everywhere]$ ./test.sh
+++ readlink -f ./test.sh
++ dirname /home/federico/mw/https-everywhere/test.sh
+ cd /home/federico/mw/https-everywhere
+ TEST_ADDON_PATH=./https-everywhere-tests/
++ mktemp -d
+ PROFILE_DIRECTORY=/tmp/tmp.tL3sul3IMu
+ trap 'rm -r "$PROFILE_DIRECTORY"' EXIT
+ HTTPSE_INSTALL_DIRECTORY=/tmp/tmp.tL3sul3IMu/extensions/https-everywhere@eff.org
+ ./makexpi.sh
@nemobis
nemobis / HTTPS-Everywhere-broken-domains.txt
Created December 29, 2014 19:26
ack --xml -o 'target host="[^"]+' . | sed --regexp-extended 's,.+target host=",,g' | sed 's,*.,,g' | sort -u | xargs -d "\n" -n 1 -I '{}' sh -c "echo {}; curl -ISsf --connect-timeout 1 https://{} ;" 2>&1 | grep -B 1 'curl: ('
This file has been truncated, but you can view the full file.
01.org
curl: (28) SSL connection timeout
0nl1ne.at
curl: (51) SSL peer certificate or SSH remote key was not OK
0x539.de
curl: (6) Couldn't resolve host '0x539.de'
0xbadc0de.be
curl: (51) SSL peer certificate or SSH remote key was not OK
100-gute-gruende.de
curl: (22) The requested URL returned error: 405
<?xml version="1.0" encoding="UTF-8"?>
<record>
<control>
<sourcerecordid>4783627</sourcerecordid>
<sourceid>39bei_digitool</sourceid>
<recordid>39bei_digitool4783627</recordid>
<sourceformat>Digital Entity</sourceformat>
<sourcesystem>Digitool</sourcesystem>
</control>
<display>
#########################################################################
# Welcome to CommonsChecker 0.1 by WikiTeam (GPL v3) #
# More info at: http://code.google.com/p/wikiteam/ #
#########################################################################
#########################################################################
# Copyright (C) 2011-2012 WikiTeam #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
@nemobis
nemobis / wiki-scraper.rb
Last active September 13, 2017 21:36 — forked from anonymous/wiki-scraper.rb
Google search scraper to list all results likely to be MediaWiki installations
#!/usr/bin/env ruby
# encoding: utf-8
##################################################################################
# Google search scraper to list all results likely to be MediaWiki installations #
# #
# CC-0, ArchiveTeam/WikiTeam, 2013 #
# #
##################################################################################
require 'rubygems'
@nemobis
nemobis / commons-interlace-exiftool.sh
Created October 17, 2012 18:08
Silly script to find interlaced images on Commons (bug 17645)
#!/bin/bash
# commons-interlace-exiftool.sh: silly script to find interlaced images on Commons
cat jpgcommons.txt | # Take list of filenames, one per line
while read line # As long as there is another line to read ...
do
URL=$(curl "http://commons.wikimedia.org/w/api.php?action=query&prop=imageinfo&iiprop=url&titles=File:$line&format=xml" | grep -oE 'http://upload.wikimedia.org[^"]+');
echo "URL is $URL"
IDEN=$(curl $URL | exiftool -fast2 - | grep -i "Encoding Process")
# "Baseline DCT" only safe JPEG SOF tag, many less common ones are uncertain
@nemobis
nemobis / commons-interlace.sh
Created October 15, 2012 07:39
Silly script to find interlaced images on Commons (bug 17645)
#!/bin/bash
# commons-interlace.sh: silly script to find interlaced images on Commons
cat jpgcommons.txt | # Take list of filenames, one per line
while read line # As long as there is another line to read ...
do
URL=$(curl "http://commons.wikimedia.org/w/api.php?action=query&prop=imageinfo&iiprop=url&titles=File:$line&format=xml" | grep -oE 'http://upload.wikimedia.org[^"]+');
echo "URL is $URL"
IDEN=$(curl $URL | identify -verbose -)
if grep -qi "Interlace: None" <<< $IDEN; then