Risky Business Podcast
April 03, 2024
Risky Business #743 -- A chat about the xz backdoor with the guy who found it
Presented by
CEO and Publisher
Technology Editor
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The SSH backdoor that dreams (or nightmares) are made of
- Microsoft gets a solid spanking from the CSRB
- Ukraine uses an old Russian WinRAR bug to hack Russia
- Push-notifications and social-engineering combined-arms vs Apple
- And much, much more.
We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.
This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.
Brought to you by Island
The Enterprise Browser
Show notes
Risky Biz News: Supply chain attack in Linuxland
oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
research!rsc: The xz attack shell script
DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post
Review of the Summer 2023 Microsoft Exchange Online Intrusion
Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away