Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Konten disediakan oleh Risky.biz and Patrick Gray. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Risky.biz and Patrick Gray atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Mirip dengan Risky Biz
Technical interviews about software topics.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry. Hosted by Zoe Thomas
…
continue reading
Babbage is our weekly podcast on science and technology, named after Charles Babbage—a 19th-century polymath and grandfather of computing. Host Alok Jha talks to our correspondents about the innovations, discoveries and gadgetry shaping the world. Published every Wednesday. If you’re already a subscriber to The Economist, you’ll have full access to all our shows as part of your subscription. For more information about Economist Podcasts+, including how to get access, please visit our FAQs pa ...
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 21:00 UTC.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Tempers fly as the newsmakers of the week face-off in this award-winning show. Anchored by Sanket Upadhyay, this weekly program has politicians battlling wits with a live audience.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman and Rob Litterst from The Hustle.
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !
Offline dengan aplikasi Player FM !
))
Risky Business #743 -- A chat about the xz backdoor with the guy who found it
Manage episode 412967731 series 3234705
Konten disediakan oleh Risky.biz and Patrick Gray. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Risky.biz and Patrick Gray atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The SSH backdoor that dreams (or nightmares) are made of
- Microsoft gets a solid spanking from the CSRB
- Ukraine uses an old Russian WinRAR bug to hack Russia
- Push-notifications and social-engineering combined-arms vs Apple
- And much, much more.
We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.
This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.
Show notes
- Risky Biz News: Supply chain attack in Linuxland
- oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
- Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X
- Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X
- GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
- research!rsc: The xz attack shell script
- DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post
- Review of the Summer 2023 Microsoft Exchange Online Intrusion
- Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
- Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
- Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
- Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
129 episode
Bagikan
Manage episode 412967731 series 3234705
Konten disediakan oleh Risky.biz and Patrick Gray. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Risky.biz and Patrick Gray atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The SSH backdoor that dreams (or nightmares) are made of
- Microsoft gets a solid spanking from the CSRB
- Ukraine uses an old Russian WinRAR bug to hack Russia
- Push-notifications and social-engineering combined-arms vs Apple
- And much, much more.
We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.
This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.
Show notes
- Risky Biz News: Supply chain attack in Linuxland
- oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
- Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X
- Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X
- GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
- research!rsc: The xz attack shell script
- DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post
- Review of the Summer 2023 Microsoft Exchange Online Intrusion
- Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
- Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
- Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
- Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
129 episode
Semua episode
×
Selamat datang di Player FM!
Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.
Mirip dengan Risky Biz
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Technical interviews about software topics.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry. Hosted by Zoe Thomas
…
continue reading
Babbage is our weekly podcast on science and technology, named after Charles Babbage—a 19th-century polymath and grandfather of computing. Host Alok Jha talks to our correspondents about the innovations, discoveries and gadgetry shaping the world. Published every Wednesday. If you’re already a subscriber to The Economist, you’ll have full access to all our shows as part of your subscription. For more information about Economist Podcasts+, including how to get access, please visit our FAQs pa ...
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 21:00 UTC.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Tempers fly as the newsmakers of the week face-off in this award-winning show. Anchored by Sanket Upadhyay, this weekly program has politicians battlling wits with a live audience.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman and Rob Litterst from The Hustle.
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !
Offline dengan aplikasi Player FM !
