[kwlug-disc] Fw: Backdoor found in widely used Linux utility

Khalid Baheyeldin kb at 2bits.com
Mon Apr 1 15:22:38 EDT 2024


The reason the exploit perpetrator was successful was indeed
that he was trusted. The original maintainer of the lzma library
was known to take breaks from the internet, and the Jia Tan
person was seen as someone who is helping, so they were given
the keys to the kingdom (commit and release privileges).

The other thing is the nature of the package: the exploit is
disguised as a bad compressed file that is useful for testing.

Lots of lessons to be learned here.


