104 - XZ Backdoor: A FOSS Danger Story
Watchman Privacy - A podcast by Gabriel Custodiet
Categories:
Gabriel Custodiet speaks with Urban Hacker about the infamous XZ backdoor incident by which a key piece of software in the Linux kernel was nearly hijacked. The attacker spent four years slowly ingratiating himself into the small community, which had been selected precisely because it consisted of a single burned-out developer. Follow us as we unravel this bizarre and disturbing story of premeditated digital attack and what it means for free and open-source software and our own cybersecurity. Mentioned →https://urbanhacker.net/a-closer-look-at-the-social-engineering-behind-the-xz-backdoor-part-one/ →https://en.wikipedia.org/wiki/XZ_Utils_backdoor Guest Links → https://urbanhacker.net/ → https://twitter.com/realUrbanHacker → https://t.me/Realurbanhacker (Telegram) → https://tallycoin.app/@realurbanhacker/the-orange-pill-simulator-zzjq3lmF (Urban Hacker’s Bitcoin game) WATCHMAN PRIVACY → https://watchmanprivacy.com (Yes: I offer consulting) → https://twitter.com/watchmanprivacy → https://escapethetechnocracy.com/ CRYPTO DONATIONS →8829DiYwJ344peEM7SzUspMtgUWKAjGJRHmu4Q6R8kEWMpafiXPPNBkeRBhNPK6sw27urqqMYTWWXZrsX6BLRrj7HiooPAy (Monero) →https://btcpay0.voltageapp.io/apps/3JDQDSj2rp56KDffH5sSZL19J1Lh/pos (BTC) Timeline 0:00 – Introduction 2:25 – What is XZ Utils? 4:17 – How does GitHub work? 15:15 – Summary of XZ Utils backdoor incident 18:00 – Social engineering 21:00 – Technical implementation of the backdoor attack 28:00 – Potential consequences of this attempted attack 30:10 – How was it found? 33:00 – Does this expose a major weakness of FOSS? 38:25 – Similar supply chain cyber attacks 43:00 – Final thoughts #XZBackDoor #UrbanHacker #WatchmanPrivacy