Sign up to save your podcasts
Or
Share The XZ Backdoor - report from our side, retrospection and looking forward (osc24)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The XZ Backdoor - report from our side, retrospection and looking forward (osc24)
End of March 2024 we faced the biggest supply chain attack we seen so far in the Open Source Ecosystem. A dedicated attacker had launched a multi year effort to backdoor the xz compression library.
openSUSE Tumbleweed contained the backdoor for 3 whole weeks before an outside researcher found it.
We will give a report on this attack, our reaction on it and also go into some future considerations to detect or avoid these kind of sophisticated attacks.
End of March 2024 we faced the biggest supply chain attack we seen so far in the Open Source Ecosystem. A dedicated attacker had launched a multi year effort to backdoor the xz compression library.
openSUSE Tumbleweed contained the backdoor for 3 whole weeks before an outside researcher found it.
We will give a report on this attack, our reaction on it and also go into some future considerations to detect or avoid these kind of sophisticated attacks.
about this event: https://c3voc.de
View all episodes
End of March 2024 we faced the biggest supply chain attack we seen so far in the Open Source Ecosystem. A dedicated attacker had launched a multi year effort to backdoor the xz compression library.
openSUSE Tumbleweed contained the backdoor for 3 whole weeks before an outside researcher found it.
We will give a report on this attack, our reaction on it and also go into some future considerations to detect or avoid these kind of sophisticated attacks.
End of March 2024 we faced the biggest supply chain attack we seen so far in the Open Source Ecosystem. A dedicated attacker had launched a multi year effort to backdoor the xz compression library.
openSUSE Tumbleweed contained the backdoor for 3 whole weeks before an outside researcher found it.
We will give a report on this attack, our reaction on it and also go into some future considerations to detect or avoid these kind of sophisticated attacks.
about this event: https://c3voc.de