Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
コンテンツは Risky.biz and Patrick Gray によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Risky.biz and Patrick Gray またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Risky Bizに似ているもの
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
Technical interviews about software topics.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
Weekly wrap of events of the week peppered with context, commentary and opinion by a superstar panel. Click here to support Newslaundry: http://bit.ly/paytokeepnewsfree Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 22:00 UTC.
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Player FMアプリでオフラインにしPlayer FMう!
))
Risky Business #743 -- A chat about the xz backdoor with the guy who found it
Manage episode 412967731 series 3234705
コンテンツは Risky.biz and Patrick Gray によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Risky.biz and Patrick Gray またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The SSH backdoor that dreams (or nightmares) are made of
- Microsoft gets a solid spanking from the CSRB
- Ukraine uses an old Russian WinRAR bug to hack Russia
- Push-notifications and social-engineering combined-arms vs Apple
- And much, much more.
We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.
This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.
Show notes
- Risky Biz News: Supply chain attack in Linuxland
- oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
- Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X
- Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X
- GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
- research!rsc: The xz attack shell script
- DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post
- Review of the Summer 2023 Microsoft Exchange Online Intrusion
- Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
- Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
- Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
- Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
129 つのエピソード
シェア
Manage episode 412967731 series 3234705
コンテンツは Risky.biz and Patrick Gray によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Risky.biz and Patrick Gray またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The SSH backdoor that dreams (or nightmares) are made of
- Microsoft gets a solid spanking from the CSRB
- Ukraine uses an old Russian WinRAR bug to hack Russia
- Push-notifications and social-engineering combined-arms vs Apple
- And much, much more.
We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.
This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.
Show notes
- Risky Biz News: Supply chain attack in Linuxland
- oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
- Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X
- Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X
- GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
- research!rsc: The xz attack shell script
- DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post
- Review of the Summer 2023 Microsoft Exchange Online Intrusion
- Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
- Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
- Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
- Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
129 つのエピソード
Semua episode
×
プレーヤーFMへようこそ!
Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。
Risky Bizに似ているもの
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
Technical interviews about software topics.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
Weekly wrap of events of the week peppered with context, commentary and opinion by a superstar panel. Click here to support Newslaundry: http://bit.ly/paytokeepnewsfree Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 22:00 UTC.
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Player FMアプリでオフラインにしPlayer FMう!
