
The XZ Backdoor - report from our side, retrospection and looking forward (osc24)
supply chain challenges
Chaos Computer Club - archive feed · Marcus Meissner, Johannes Segitz
June 27, 2024 · 26m 11s
Show Notes
At the end of March 2024 we faced the biggest supply chain attack we have seen so far in the Open Source ecosystem. A dedicated attacker had launched a multi-year effort to backdoor the xz compression library.
openSUSE Tumbleweed contained the backdoor for 3 whole weeks before an outside researcher found it.
We will give a report on this attack and our reaction to it, and also go into some future considerations for detecting or avoiding these kinds of sophisticated attacks.
about this event: https://c3voc.de
Topics
osc24 · 4498 · 2024 · Open Source