Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
9 April - 1 hourWe look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.
It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about what parts of this that orgs should be worried about and what types of threats they should be prioritizing...
Perl & PHP Vulns, Fuzzing & Parsers, Protecting Multi-Hosted Tenants, Secure Design - ASW #303
41 mins
15 October Finished
Stego, uBlock, PPTP, Log4J, Command Jacking, Windows 10, Feet, Josh Marpet, and More. - SWN #422
30 mins
15 October Finished
Cybercab, Golden Jackal, Mamba 2FA, Microsoft, iPhone thieves, esims, Aaran Leyland.. - SWN #421
30 mins
11 October Finished
Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379
1 hour 53 mins
11 October Finished