
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
9 April 2024 - 1 hourWe look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.
It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about what parts of this that orgs should be worried about and what types of threats they should be prioritizing...

The Illusion of Control: Shadow IT, SSO Shortcomings, and the True Path to Security - Dave Lewis - ESW #413
1 hour 52 mins
30 June Finished

Broadcom, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and more... - SWN #489
31 mins
27 June Finished

Thriving Through Volatility: Insights for CISOs - Jeff Pollard, Pejman (Pej) Roshan, Deepen Desai - BSW #401
1 hour 5 mins
25 June Finished

How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336
1 hour 1 min
24 June Finished