Microsoft Threat Intelligence Podcast

Behind the Scenes of the XZ vuln with Andres Freund and Thomas Roccia

Listen Later

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Thomas Roccia and Andres Freund. Andres stumbled upon a security issue within SSH while investigating performance discrepancies. He discovered a sophisticated backdoor, skillfully concealed within the LZMA library, part of the XZ package. Sherrod, Thomas, and Andres discuss the importance of proactive security measures and code review in the open-source community. They emphasize the critical role of community collaboration in identifying and mitigating security threats effectively and signal the need for heightened vigilance.  

  

In this episode you’ll learn:      
  • The importance of proactive security and code review in the open-source community 
  • Why anomalies in software behavior should prompt curiosity and investigation 
  • Open-source community cooperation is vital for spotting and addressing security risks 

    •  

    Some questions we ask:     
    • Could you explain the security issue you found in SSH and its significance? 
    • How serious is this threat, and what steps can organizations take to defend against it? 
    • What advice do you have for open-source contributors? 

      •  

      Resources:  

      View Andres Freund on LinkedIn  

      View Thomas Roccia on LinkedIn     

      View Sherrod DeGrippo on LinkedIn  

       

      Related Microsoft Podcasts:                   
      • Afternoon Cyber Tea with Ann Johnson 
      • The BlueHat Podcast 
      • Uncovering Hidden Risks     

         


        Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

        Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

         

        The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

        ...more
        View all episodesView all episodes
        Download on the App Store
        Microsoft Threat Intelligence PodcastBy Microsoft
        • 5
        • 5
        • 5
        • 5
        • 5

        5

        19 ratings

        More shows like Microsoft Threat Intelligence Podcast

        View all
        Security Now (Audio) by TWiT

        Security Now (Audio)

        1,971 Listeners

        Risky Business by Patrick Gray

        Risky Business

        361 Listeners

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

        628 Listeners

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

        366 Listeners

        CyberWire Daily by N2K Networks

        CyberWire Daily

        1,007 Listeners

        Smashing Security by Graham Cluley & Carole Theriault

        Smashing Security

        311 Listeners

        Click Here by Recorded Future News

        Click Here

        406 Listeners

        Malicious Life by Malicious Life

        Malicious Life

        927 Listeners

        Darknet Diaries by Jack Rhysider

        Darknet Diaries

        7,865 Listeners

        Cybersecurity Today by Jim Love

        Cybersecurity Today

        171 Listeners

        CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

        CISO Series Podcast

        187 Listeners

        Hacking Humans by N2K Networks

        Hacking Humans

        314 Listeners

        Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

        Defense in Depth

        74 Listeners

        Cyber Security Headlines by CISO Series

        Cyber Security Headlines

        129 Listeners

        Risky Bulletin by risky.biz

        Risky Bulletin

        33 Listeners