Discovering the XZ Backdoor with Andres Freund
Oxide and Friends - A podcast by Oxide Computer Company
Categories:
Andres Freund joined Bryan and Adam to talk about his discovery of the xz backdoor. It’s an incredible story… so great to get into the details with Andres. We started by ranting about the coverage in the New York Times… coverage that explicitly refused to dig into the details! It’s all the more shocking because the big story here is how Andres’ penchant for digging into the details is what saved us all from what would have been a pervasive and damaging attack!In addition to Bryan Cantrill and Adam Leventhal, we were joined by special guest Andres Freund.Our research for this episode:Andres' initial public disclosureNew York Times: Did One Guy Just Stop a Huge Cyberattack? by Kevin RooseKevin RooseNew York Times front page from April 4th, 2024How I got started as a developer with Andres Freund & Heikki Linnakangas | Path To Citus Con Ep08The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind | WIREDHow one volunteer stopped a backdoor from exposing Linux systems worldwide - The VergeLinux backdoor was a long con, possibly with nation-state support, experts say - Nextgov/FCWresearch!rsc: Timeline of the xz open source attackBrian Krebs thread on mastodonXz/liblzma: Bash-stage Obfuscation ExplainedA Microcosm of the interactions in Open Source projectsRisky Business #743 -- A chat about the xz backdoor with the guy who found it (podcast)Risky Biz News: F-Droid narrowly avoided XZ-like incident in 2020 (podcast)What we know about the xz Utils backdoor that almost infected the world | Ars TechnicaEverything I know about the XZ backdoorLINUX Unplugged 556: The xz Backdoor Exposed 🚨 (podcast)If we got something wrong or missed something, please file a PR! Our next show will likely be on Monday at 5p Pacific Time on our Discord server; stay tuned to our Mastodon feeds for details, or subscribe to this calendar. We'd love to have you join us, as we always love to hear from new speakers!Recorded April 8th, 2024