all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280

Add to bookmarks
April 9, 2024, 1:38 p.m. | Security Weekly

Security Weekly www.youtube.com

We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.

It's an exciting topic …

abuse backdoor code con connections engineering malicious package social social engineering ssh story supply supply chain xz utils

Visit resource

More from www.youtube.com / Security Weekly

Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383 7 hours ago | www.youtube.com
cisco credit credit monitoring docker +7
RSAC 2024 Monday Live Stream Schedule 8 hours ago | www.youtube.com
live monday rsac rsac 2024 +2
RSA Conference, Verizon DBIR, funding, reports, partnerships and more - ESW #360 9 hours ago | www.youtube.com
acquisitions announcements big companies +13
ChatGPT Writes Exploits - PSW #827 23 hours ago | www.youtube.com
banning chatgpt chips default +12
Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360 1 day ago | www.youtube.com
breaking down important incident +4
Kicking Off With Crypto - PSW #827 1 day, 11 hours ago | www.youtube.com
articles computing crypto cryptography +14
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more. - SWN … 3 days, 7 hours ago | www.youtube.com
chrome fcc ftc josh +8
Random Problems, Protecting Packages, and Vulns in Designs, Defaults & Data Leaks - ASW #283 3 days, 10 hours ago | www.youtube.com
code data data leaks leaks +11
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283 3 days, 10 hours ago | www.youtube.com
address chaos companies continue +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Engineer - Detection and Response

@ Fastly, Inc. | US (Remote)
View on infosec-jobs.com

Application Security Engineer

@ Solidigm | Zapopan, Mexico
View on infosec-jobs.com

Defensive Cyber Operations Engineer-Mid

@ ISYS Technologies | Aurora, CO, United States
View on infosec-jobs.com

Manager, Information Security GRC

@ OneTrust | Atlanta, Georgia
View on infosec-jobs.com

Senior Information Security Analyst | IAM

@ EBANX | Curitiba or São Paulo
View on infosec-jobs.com

Senior Information Security Engineer, Cloud Vulnerability Research

@ Google | New York City, USA; New York, USA
View on infosec-jobs.com
View more jobs