Episode 413
Episode 413 - PyTorch and NPM get attacked, but it's OK
Open Source Security · Open Source Security
January 29, 202435m 19s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Josh and Kurt talk about an attack against PyTorch and NPM. The PyTorch attack shows the difficulty of trying to operate a large open source project. The NPM problem is one of the difficulty in trying to backdoor open source. A lot of people are watching and it only takes one person to notice a problem and we all benefit.
Show Notes- Peanut Butter the dog plays Gyromite
- The Wizard movie
- PyTorch supply chain attack
- npm Package Found Delivering Sophisticated RAT
- Deceptive Deprecation: The Truth About npm Deprecated Packages
- Changing a lightbulb
- Spelunking the Bitcoin Blockchain with Josh Bressers | CypherCon 4.0
- Operation Triangulation - What You Get When Attack iPhones of Researchers
- 9th Annual State of the Software Supply Chain