Microsoft Threat Intelligence Podcast

Behind the Scenes of the XZ vuln with Andres Freund and Thomas Roccia

Listen Later

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Thomas Roccia and Andres Freund. Andres stumbled upon a security issue within SSH while investigating performance discrepancies. He discovered a sophisticated backdoor, skillfully concealed within the LZMA library, part of the XZ package. Sherrod, Thomas, and Andres discuss the importance of proactive security measures and code review in the open-source community. They emphasize the critical role of community collaboration in identifying and mitigating security threats effectively and signal the need for heightened vigilance.  

  

In this episode you’ll learn:      
  • The importance of proactive security and code review in the open-source community 
  • Why anomalies in software behavior should prompt curiosity and investigation 
  • Open-source community cooperation is vital for spotting and addressing security risks 

    •  

    Some questions we ask:     
    • Could you explain the security issue you found in SSH and its significance? 
    • How serious is this threat, and what steps can organizations take to defend against it? 
    • What advice do you have for open-source contributors? 

      •  

      Resources:  

      View Andres Freund on LinkedIn  

      View Thomas Roccia on LinkedIn     

      View Sherrod DeGrippo on LinkedIn  

       

      Related Microsoft Podcasts:                   
      • Afternoon Cyber Tea with Ann Johnson 
      • The BlueHat Podcast 
      • Uncovering Hidden Risks     

         


        Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

        Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

         

        The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

        ...more
        View all episodesView all episodes
        Download on the App Store
        Microsoft Threat Intelligence PodcastBy Microsoft
        • 5
        • 5
        • 5
        • 5
        • 5

        5

        21 ratings

        More shows like Microsoft Threat Intelligence Podcast

        View all
        Risky Business by Patrick Gray

        Risky Business

        364 Listeners

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

        SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

        638 Listeners

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

        Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

        370 Listeners

        Hacked by Hacked

        Hacked

        180 Listeners

        CyberWire Daily by N2K Networks

        CyberWire Daily

        1,014 Listeners

        Smashing Security by Graham Cluley

        Smashing Security

        318 Listeners

        Click Here by Recorded Future News

        Click Here

        405 Listeners

        Darknet Diaries by Jack Rhysider

        Darknet Diaries

        7,959 Listeners

        Cybersecurity Today by Jim Love

        Cybersecurity Today

        174 Listeners

        CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

        CISO Series Podcast

        189 Listeners

        Hacking Humans by N2K Networks

        Hacking Humans

        316 Listeners

        Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

        Defense in Depth

        77 Listeners

        Cyber Security Headlines by CISO Series

        Cyber Security Headlines

        128 Listeners

        Risky Bulletin by risky.biz

        Risky Bulletin

        43 Listeners

        Hacker And The Fed by Chris Tarbell & Hector Monsegur

        Hacker And The Fed

        169 Listeners