Gabriel Custodiet speaks with Urban Hacker about the infamous XZ backdoor incident by which a key piece of software in the Linux kernel was nearly hijacked. The attacker spent four years slowly ingratiating himself into the small community, which had been selected precisely because it consisted of a single burned-out developer. Follow us as we unravel this bizarre and disturbing story of premeditated digital attack and what it means for free and open-source software and our own cybersecurity.
Mentioned →https://urbanhacker.net/a-closer-look-at-the-social-engineering-behind-the-xz-backdoor-part-one/ →https://en.wikipedia.org/wiki/XZ_Utils_backdoor
Guest Links → https://urbanhacker.net/ → https://twitter.com/realUrbanHacker → https://t.me/Realurbanhacker (Telegram) → https://tallycoin.app/@realurbanhacker/the-orange-pill-simulator-zzjq3lmF (Urban Hacker’s Bitcoin game)
Watchman Privacy → https://watchmanprivacy.com → https://twitter.com/watchmanprivacy → https://www.amazon.com/Watchman-Guide-Privacy-Financial-Lifestyle/dp/B08PX7KFS2
Privacy Courses (supports the show) → https://rpf.gumroad.com/l/privatebitcoin → https://rpf.gumroad.com/l/hackproof
Monero Donation (supports the show) →8829DiYwJ344peEM7SzUspMtgUWKAjGJRHmu4Q6R8kEWMpafiXPPNBkeRBhNPK6sw27urqqMYTWWXZrsX6BLRrj7HiooPAy
Bitcoin Donation (supports the show) →https://btcpay0.voltageapp.io/apps/3JDQDSj2rp56KDffH5sSZL19J1Lh/pos
Please subscribe to and rate this podcast wherever you can to help it thrive. Thank you! → https://www.youtube.com/@WatchmanPrivacy →https://odysee.com/@WatchmanPrivacy
Timeline 0:00 – Introduction 2:25 – What is XZ Utils? 4:17 – How does GitHub work? 15:15 – Summary of XZ Utils backdoor incident 18:00 – Social engineering 21:00 – Technical implementation of the backdoor attack 28:00 – Potential consequences of this attempted attack 30:10 – How was it found? 33:00 – Does this expose a major weakness of FOSS? 38:25 – Similar supply chain cyber attacks 43:00 – Final thoughts
#XZBackDoor #UrbanHacker #WatchmanPrivacy