This week we attempt to unpack the recent, historic security breach in the open source world, after the discovery of a secret backdoor that was inserted by a malicious actor into the the xz-utils package, with a focus on which specific Linux distros were targeted and why, how the attacker socially engineered their way into the position of authority that made this possible, and what ought to be done to support developers of critical infrastructure to (hopefully) prevent this from happening again. Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod
This week we attempt to unpack the recent, historic security breach in the open source world, after the discovery of a secret backdoor that was inserted by a malicious actor into the the xz-utils package, with a focus on which specific Linux distros were targeted and why, how the attacker socially engineered their way into the position of authority that made this possible, and what ought to be done to support developers of critical infrastructure to (hopefully) prevent this from happening again.
Show notes for this episode: https://tinyurl.com/techpod-230-xz-backdoor
Go watch Pirates of Silicon Valley for an upcoming episode where we'll discuss it: https://archive.org/details/piratesofsiliconvalley_201908