Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Treść dostarczona przez The New Stack Podcast and The New Stack. Cała zawartość podcastów, w tym odcinki, grafika i opisy podcastów, jest przesyłana i udostępniana bezpośrednio przez The New Stack Podcast and The New Stack lub jego partnera na platformie podcastów. Jeśli uważasz, że ktoś wykorzystuje Twoje dzieło chronione prawem autorskim bez Twojej zgody, możesz postępować zgodnie z procedurą opisaną tutaj https://pl.player.fm/legal.
Podobny do The New Stack Podcast
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Welcome to Hands-On Tech, where host Mikah Sargent turns tech troubles into tech triumphs. Each episode zooms in on a specific theme, unpacking listener questions with expert analysis and easy-to-follow advice. From decoding the latest gadgets to simplifying everyday tech, Mikah's got you covered. Submit your tech queries through email at [email protected] or via TWiT's social media. You might hear your question answered on air! Whether you're puzzled by privacy settings or curious about cutting-e ...
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
When it comes to technology, you may have questions. So do we. Every other week, we demystify the tech industry, one answer at a time. Join us as we bring together a chorus of perspectives from within Red Hat to break down the big, emerging ideas that matter both today and beyond. Compiler is hosted by Angela Andrews and Brent Simoneaux. Learn more about our show at redhat.com/en/compiler-podcast
…
continue reading
Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - aplikacja do podcastów
Przejdź do trybu offline z Player FM !
Przejdź do trybu offline z Player FM !
))
Linux xz and the Great Flaws in Open Source
Manage episode 425890651 series 75006
Treść dostarczona przez The New Stack Podcast and The New Stack. Cała zawartość podcastów, w tym odcinki, grafika i opisy podcastów, jest przesyłana i udostępniana bezpośrednio przez The New Stack Podcast and The New Stack lub jego partnera na platformie podcastów. Jeśli uważasz, że ktoś wykorzystuje Twoje dzieło chronione prawem autorskim bez Twojej zgody, możesz postępować zgodnie z procedurą opisaną tutaj https://pl.player.fm/legal.
The Linux xz utils backdoor exploit, discussed in an interview at the Open Source Summit 2024 on The New Stack Makers with John Kjell, director of open source at TestifySec, highlights critical vulnerabilities in the open-source ecosystem. This exploit involved a maintainer of the Linux xz utils project adding malicious code to a new release, discovered by a Microsoft engineer. This breach demonstrates the high trust placed in maintainers and how this trust can be exploited. Kjell explains that the backdoor allowed remote code execution or unauthorized server access through SSH connections.
The exploit reveals a significant flaw: the human element in open source. Maintainers, often under pressure from company executives to quickly address vulnerabilities and updates, can become targets for social engineering. Attackers built trust within the community by contributing to projects over time, eventually gaining maintainer status and inserting malicious code. This scenario underscores the economic pressures on open source, where maintainers work unpaid and face demands from large organizations, exposing the fragility of the open-source supply chain. Despite these challenges, the community's resilience is also evident in their rapid response to such threats.
Learn more from The New Stack about Linux xz utils
Linux xz Backdoor Damage Could Be Greater Than Feared
Unzipping the XZ Backdoor and Its Lessons for Open Source
The Linux xz Backdoor Episode: An Open Source Myster
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
884 odcinków
Udostępnij
Manage episode 425890651 series 75006
Treść dostarczona przez The New Stack Podcast and The New Stack. Cała zawartość podcastów, w tym odcinki, grafika i opisy podcastów, jest przesyłana i udostępniana bezpośrednio przez The New Stack Podcast and The New Stack lub jego partnera na platformie podcastów. Jeśli uważasz, że ktoś wykorzystuje Twoje dzieło chronione prawem autorskim bez Twojej zgody, możesz postępować zgodnie z procedurą opisaną tutaj https://pl.player.fm/legal.
The Linux xz utils backdoor exploit, discussed in an interview at the Open Source Summit 2024 on The New Stack Makers with John Kjell, director of open source at TestifySec, highlights critical vulnerabilities in the open-source ecosystem. This exploit involved a maintainer of the Linux xz utils project adding malicious code to a new release, discovered by a Microsoft engineer. This breach demonstrates the high trust placed in maintainers and how this trust can be exploited. Kjell explains that the backdoor allowed remote code execution or unauthorized server access through SSH connections.
The exploit reveals a significant flaw: the human element in open source. Maintainers, often under pressure from company executives to quickly address vulnerabilities and updates, can become targets for social engineering. Attackers built trust within the community by contributing to projects over time, eventually gaining maintainer status and inserting malicious code. This scenario underscores the economic pressures on open source, where maintainers work unpaid and face demands from large organizations, exposing the fragility of the open-source supply chain. Despite these challenges, the community's resilience is also evident in their rapid response to such threats.
Learn more from The New Stack about Linux xz utils
Linux xz Backdoor Damage Could Be Greater Than Feared
Unzipping the XZ Backdoor and Its Lessons for Open Source
The Linux xz Backdoor Episode: An Open Source Myster
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
884 odcinków
Wszystkie odcinki
×
Zapraszamy w Player FM
Odtwarzacz FM skanuje sieć w poszukiwaniu wysokiej jakości podcastów, abyś mógł się nią cieszyć już teraz. To najlepsza aplikacja do podcastów, działająca na Androidzie, iPhonie i Internecie. Zarejestruj się, aby zsynchronizować subskrypcje na różnych urządzeniach.
Podobny do The New Stack Podcast
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Welcome to Hands-On Tech, where host Mikah Sargent turns tech troubles into tech triumphs. Each episode zooms in on a specific theme, unpacking listener questions with expert analysis and easy-to-follow advice. From decoding the latest gadgets to simplifying everyday tech, Mikah's got you covered. Submit your tech queries through email at [email protected] or via TWiT's social media. You might hear your question answered on air! Whether you're puzzled by privacy settings or curious about cutting-e ...
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
When it comes to technology, you may have questions. So do we. Every other week, we demystify the tech industry, one answer at a time. Join us as we bring together a chorus of perspectives from within Red Hat to break down the big, emerging ideas that matter both today and beyond. Compiler is hosted by Angela Andrews and Brent Simoneaux. Learn more about our show at redhat.com/en/compiler-podcast
…
continue reading
Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - aplikacja do podcastów
Przejdź do trybu offline z Player FM !
Przejdź do trybu offline z Player FM !
