Sven Ruppert

The Power of #JFrog Build Info (Build Metadata)



This episode is also available as a blog post: https://svenruppert.com/2021/10/08/the-power-of-jfrog-build-info-build-metadata/

This video takes a detailed look at what the term build-info is all about and why it helps us protect against attacks such as the SolarWinds Hack.

What is the concept behind the term build-info?

Let's start at the very beginning and clarify the basic principle behind the term build-info. The term has been in use for many years and was coined by the company JFrog, among others. Build-info is a particular type of repository: it stores the information that describes the context in which a binary file was created. With this information you can achieve a wide variety of things.

What components does build-info consist of?

The content of a build-info is not strictly defined. Instead, the guiding approach is "the more, the better", although even here some care is needed. All available parameters are collected: the date and time, the system on which the process ran, the operating system and its patch level, the active environment variables, compiler switches and library versions. The challenge is that it is not known in advance which information will later turn out to be helpful. For this reason, more rather than less should be saved.

Why do we actually need a build-info? 

The task of a build-info is to enable the observation, or rather the analysis, of a past situation. There can be a variety of reasons for this. It can be used to improve quality, for example, or it can be the basis for reconstructing a cyber attack that has taken place. And with that we come straight to the event that set everything rolling in the recent past.

Trigger - SolarWinds Hack

Some of you will have heard or read something about it. We are talking about one of the most significant cyberattacks that has ever taken place: the SolarWinds Hack. Here it was not the final target that was attacked directly, but a point in the supply chain. SolarWinds is a software company that provides a product for managing network infrastructure. The software has just over 300,000 customers worldwide, and its automatic update process was the target of the attack. It was not the update process itself that was compromised, but the creation of the binaries that are distributed through that update process. The attack took place on the company's CI pipeline, so that every build immediately produced infected binaries. The CI pipeline was manipulated so that an additional component was added to the binary being generated. This component can be thought of as a kind of initial stage: as soon as it is activated, further components are dynamically loaded, so each infection took a different form. These files were then offered to all customers by means of an automatic update. Thus over 15,000 systems were infiltrated within a short time.
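To make the two points above concrete, here is an added example (not code from the episode, and not JFrog's own build-info tooling or schema) of a simplified, hypothetical build-info record, and of the comparison a defender can run over two such records to spot a dependency that was never part of the intended build. The record layout, the `netmon-agent` build, the environment values and the digests are all constructed for the example.

```python
import hashlib
import json
import platform
from datetime import datetime, timezone

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def collect_build_info(name, number, artifacts, dependencies, env):
    """Assemble a simplified build-info record (hypothetical layout, not the exact
    JFrog schema): when it ran, on what, with which environment, and the digest
    of every input and output."""
    return {
        "name": name,
        "number": number,
        "started": datetime.now(timezone.utc).isoformat(),
        "agent": {"os": platform.system(), "release": platform.release()},
        "properties": {k: env[k] for k in sorted(env)},
        "modules": [{
            "id": f"{name}:{number}",
            "artifacts": [{"name": n, "sha256": sha256_hex(b)} for n, b in sorted(artifacts.items())],
            "dependencies": [{"id": d, "sha256": sha256_hex(b)} for d, b in sorted(dependencies.items())],
        }],
    }

def diff_build_info(expected, actual):
    """Report every dependency or build property that differs between two records:
    the check that flags a component the pipeline was never meant to compile in."""
    exp = {d["id"]: d["sha256"] for m in expected["modules"] for d in m["dependencies"]}
    act = {d["id"]: d["sha256"] for m in actual["modules"] for d in m["dependencies"]}
    findings = [f"unexpected dependency: {d}" for d in sorted(act.keys() - exp.keys())]
    findings += [f"missing dependency: {d}" for d in sorted(exp.keys() - act.keys())]
    findings += [f"changed dependency: {d}" for d in sorted(exp.keys() & act.keys()) if exp[d] != act[d]]
    keys = sorted(set(expected["properties"]) | set(actual["properties"]))
    findings += [f"changed property: {k}" for k in keys
                 if expected["properties"].get(k) != actual["properties"].get(k)]
    return findings

# Constructed sample builds: the second carries an extra component nobody asked for.
ENV = {"JAVA_VERSION": "11.0.12", "CI_RUNNER": "runner-01"}
REFERENCE = collect_build_info("netmon-agent", "41", {"agent.jar": b"agent-v41"},
                               {"lib-core:1.0": b"core-1.0"}, ENV)
TAMPERED = collect_build_info("netmon-agent", "42", {"agent.jar": b"agent-v42+extra"},
                              {"lib-core:1.0": b"core-1.0", "extra-component:0.1": b"extra"}, ENV)

if __name__ == "__main__":
    print(json.dumps(REFERENCE, indent=2))
    for finding in diff_build_info(REFERENCE, TAMPERED):
        print(finding)
```

Running it prints the reference record followed by the single finding for build 42, the unexpected `extra-component:0.1` dependency; a real pipeline would run the same comparison against the build-info of the last known-good release.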

...

Cheers Sven
