bsky.app

Filippo Valsorda (@filippo.abyssdomain.expert)

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission. The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed E