Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Contenido proporcionado por Risky.biz and Patrick Gray. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Risky.biz and Patrick Gray o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.
Similar a Risky Biz
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry. Hosted by Zoe Thomas
…
continue reading
Technical interviews about software topics.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 21:00 UTC.
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
Hosted by former Marvel entertainment lawyer Paul Sarker and entertainment enthusiast Mesh Lakhani, Better Call Paul will delve into the business and legal issues at play behind the glitz and glam. This show takes you beyond the catchy headlines to find out what’s really at play behind the scenes and gives you an introduction to the business side of show business.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
The day's biggest news dissected by the day's newsmakers. Diverse opinions from across the political spectrum. The show that makes you decide, are you the Left, Right or the Centre?
…
continue reading
Player FM : aplicación de podcast
¡Desconecta con la aplicación Player FM !
¡Desconecta con la aplicación Player FM !
))
Risky Business #743 -- A chat about the xz backdoor with the guy who found it
Manage episode 412967731 series 3234705
Contenido proporcionado por Risky.biz and Patrick Gray. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Risky.biz and Patrick Gray o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The SSH backdoor that dreams (or nightmares) are made of
- Microsoft gets a solid spanking from the CSRB
- Ukraine uses an old Russian WinRAR bug to hack Russia
- Push-notifications and social-engineering combined-arms vs Apple
- And much, much more.
We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.
This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.
Show notes
- Risky Biz News: Supply chain attack in Linuxland
- oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
- Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X
- Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X
- GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
- research!rsc: The xz attack shell script
- DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post
- Review of the Summer 2023 Microsoft Exchange Online Intrusion
- Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
- Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
- Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
- Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
129 episodios
Compartir
Manage episode 412967731 series 3234705
Contenido proporcionado por Risky.biz and Patrick Gray. Todo el contenido del podcast, incluidos episodios, gráficos y descripciones de podcast, lo carga y proporciona directamente Risky.biz and Patrick Gray o su socio de plataforma de podcast. Si cree que alguien está utilizando su trabajo protegido por derechos de autor sin su permiso, puede seguir el proceso descrito aquí https://es.player.fm/legal.
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The SSH backdoor that dreams (or nightmares) are made of
- Microsoft gets a solid spanking from the CSRB
- Ukraine uses an old Russian WinRAR bug to hack Russia
- Push-notifications and social-engineering combined-arms vs Apple
- And much, much more.
We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.
This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.
Show notes
- Risky Biz News: Supply chain attack in Linuxland
- oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
- Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X
- Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X
- GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
- research!rsc: The xz attack shell script
- DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post
- Review of the Summer 2023 Microsoft Exchange Online Intrusion
- Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
- Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
- Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
- Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
129 episodios
Semua episode
×
Bienvenido a Player FM!
Player FM está escaneando la web en busca de podcasts de alta calidad para que los disfrutes en este momento. Es la mejor aplicación de podcast y funciona en Android, iPhone y la web. Regístrate para sincronizar suscripciones a través de dispositivos.
Similar a Risky Biz
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry. Hosted by Zoe Thomas
…
continue reading
Technical interviews about software topics.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman, Matthew Brown, and Rob Litterst from The Hustle.
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 21:00 UTC.
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
Hosted by former Marvel entertainment lawyer Paul Sarker and entertainment enthusiast Mesh Lakhani, Better Call Paul will delve into the business and legal issues at play behind the glitz and glam. This show takes you beyond the catchy headlines to find out what’s really at play behind the scenes and gives you an introduction to the business side of show business.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
The day's biggest news dissected by the day's newsmakers. Diverse opinions from across the political spectrum. The show that makes you decide, are you the Left, Right or the Centre?
…
continue reading
Player FM : aplicación de podcast
¡Desconecta con la aplicación Player FM !
¡Desconecta con la aplicación Player FM !
