230: Maybe Gentoo Was Right All Along
This week we attempt to unpack the recent, historic security breach in the open source world, after the discovery of a secret backdoor that was inserted by a malicious actor into the the xz-utils package, with a focus on which specific Linux distros were targeted and why, how the attacker socially engineered their way into the position of authority that made this possible, and what ought to be done to support developers of critical infrastructure to (hopefully) prevent this from happening again. Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod
Brad & Will Made a Tech Pod. · Brad Shoemaker, Will Smith
Audio is streamed directly from the publisher (cdn.simplecast.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
This week we attempt to unpack the recent, historic security breach in the open source world, after the discovery of a secret backdoor that was inserted by a malicious actor into the the xz-utils package, with a focus on which specific Linux distros were targeted and why, how the attacker socially engineered their way into the position of authority that made this possible, and what ought to be done to support developers of critical infrastructure to (hopefully) prevent this from happening again.
Show notes for this episode: https://tinyurl.com/techpod-230-xz-backdoor
Go watch Pirates of Silicon Valley for an upcoming episode where we'll discuss it: https://archive.org/details/piratesofsiliconvalley_201908
Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, a monthly bonus episode, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod