SE Radio 630: Luis Rodríguez on the SSH Backdoor Attack

Author: SE-Radio Team | Date: August 22, 2024 | Duration: 44:00
Luis Rodríguez, CTO of Xygeni.io, joins host Robert Blumen for a discussion of the recently thwarted attempt to insert a backdoor into the SSH (Secure Shell) daemon. OpenSSH is the implementation of the protocol shipped by the major Linux distributions for authenticated remote login over a network. Luis describes how a backdoor in a supporting library, the xz compression library (liblzma), was discovered and removed before the package reached the stable releases of those distributions. The conversation explores the mechanism of the attack, which hooks a function table when the library is loaded into the running sshd process; how the malicious code was injected into the library during the build rather than in the visible source; how the attack was carefully staged across a series of commits to the xz project; the nature of "Jia Tan," the entity who committed the changes to the open source project; the social engineering that entity used to gain the trust of the project's community; what forensics indicates about the entity's location; hypotheses about whether criminal or state actors backed it; how the attack was detected; implications for other open source projects; why traditional methods for detecting exploits would not have found this one; and lessons learned by the community. Brought to you by IEEE Computer Society and IEEE Software magazine.
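Because the backdoor lived in a supporting library rather than in OpenSSH itself, the first question a practitioner asks of a host is whether its sshd loads liblzma at all, and if so which version. The script below is an added example written for this page, not code from the episode, from Xygeni, or from the xz or OpenSSH projects. It assumes a Linux host where `ldd`, `sshd` and `xz` are on the path; the two version numbers it treats as known-bad (5.6.0 and 5.6.1) come from the public advisories and are not stated in the episode summary. The sample `ldd` and `xz --version` output is constructed so the checks run offline.

```shell
#!/bin/sh
# Added example: is this host's sshd exposed to a backdoor in liblzma?
# Each check takes its input as an argument so it can run against the
# constructed samples below; real invocations are shown at the end.

# Does the dynamic-linker output for sshd mention liblzma at all?
# $1 is the text of `ldd "$(command -v sshd)"`.
sshd_links_liblzma() {
  printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# Pull the library version out of `xz --version` output, which looks like:
#   xz (XZ Utils) 5.4.5
#   liblzma 5.4.5
# Prints only the version on the "liblzma" line.
liblzma_version() {
  printf '%s\n' "$1" | awk '$1 == "liblzma" { print $2; exit }'
}

# Versions that shipped with the backdoor, per the public advisories
# (an assumption of this example, not a fact stated on the page).
is_known_backdoored() {
  case "$1" in
    5.6.0|5.6.1) return 0 ;;
    *) return 1 ;;
  esac
}

# Combine the two checks into one verdict line.
# $1: ldd output for sshd, $2: xz --version output.
assess() {
  ldd_out=$1
  xz_out=$2
  ver=$(liblzma_version "$xz_out")
  if sshd_links_liblzma "$ldd_out" && is_known_backdoored "$ver"; then
    echo "EXPOSED: sshd loads liblzma $ver"
  elif sshd_links_liblzma "$ldd_out"; then
    echo "LINKED: sshd loads liblzma $ver (not a known-bad version)"
  else
    echo "NOT LINKED: sshd does not load liblzma (installed: ${ver:-unknown})"
  fi
}

# Constructed sample inputs standing in for real command output.
# The first mirrors a distro build where sshd pulls in libsystemd, which in
# turn pulls in liblzma; the second is a build with no such dependency.
SAMPLE_LDD_LINKED='	linux-vdso.so.1 (0x00007ffd1a3f0000)
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f3c2a600000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f3c2a3c0000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3c2a000000)'
SAMPLE_LDD_CLEAN='	linux-vdso.so.1 (0x00007ffd1a3f0000)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f3c2a600000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3c2a000000)'
SAMPLE_XZ_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Run against the constructed samples. On a real host, use instead:
#   assess "$(ldd "$(command -v sshd)")" "$(xz --version)"
assess "$SAMPLE_LDD_LINKED" "$SAMPLE_XZ_BAD"
assess "$SAMPLE_LDD_CLEAN" "$SAMPLE_XZ_BAD"
```

The `ldd` check is the one that matters: a host can carry a backdoored liblzma and still be unaffected if nothing loads it into sshd, while a host whose sshd links it is exposed to whatever the library's load-time code does, whatever the version string claims. Treat the version list as a lower bound, since a rebuilt or vendored copy may report something else.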

For developers who think deeply about their craft, Software Engineering Radio-The Podcast for Professional Software Developers offers a steady, thoughtful conversation about building software. This isn't about chasing headlines or quick tips; it's a deliberate exploration of the principles, patterns, and hard-won insights that define lasting work in the field. The SE-Radio Team creates each episode as original, standalone content, ensuring you get focused depth rather than recycled conference talks. Every ten days, a new installment arrives, alternating between detailed tutorial-style deep dives on specific technologies or methodologies and candid interviews with influential voices and practitioners from across the industry. Tuning in means joining a continuous learning journey where complex topics are broken down with clarity, from system architecture and language design to team dynamics and career development. This podcast serves as a reliable educational archive, a resource you can return to as your experience grows, always anchored in the realities and challenges faced by professional developers every day.
Language: en-us | Episodes: 100

Software Engineering Radio - The Podcast for Professional Software Developers
Podcast Episodes
SE Radio 647: Praveen Gujar on Gen AI for Digital Ad Tech Platforms
Duration: 52:01
Praveen Gujar, Director of Product at LinkedIn, joins SE Radio host Kanchan Shringi for a discussion on how generative AI (GenAI) is transforming digital advertising technology platforms. The conversation starts with a l…

SE Radio 646: Matthew Skelton on Team Topologies
Duration: 57:08
Matthew Skelton joins host Giovanni Asproni to talk about team topologies, an approach to organizing teams for fast flow of value. The episode starts with a description of the underlying principles before exploring the ap…

SE Radio 645: Vinay Tripathi on BGP Optimization
Duration: 59:22
Vinay Tripathi, a senior network engineer in Google Backbone Engineering and an 18-year network engineering veteran, discusses BGP optimization, a technique that's critical in achieving top goals in distributed applicati…

SE Radio 644: Tim McNamara on Error Handling in Rust
Duration: 1:09:12
Tim McNamara, a well-known Rust educator, author of Rust in Action (Manning), and a recipient of a Rust Foundation Fellowship in 2023, speaks with SE Radio host Gavin Henry about error handling in Rust. They discuss the…

SE Radio 643: Ganesh Datta on Production Readiness
Duration: 53:15
Ganesh Datta, co-founder of Cortex.io, joins host Robert Blumen for a conversation about production readiness. The conversation covers the history of production readiness; its relationship to microservice architecture; t…

SE Radio 642: Simon Wijckmans on Third-Party Browser Script Security
Duration: 1:07:32
Simon Wijckmans, founder of c/side, a company that focuses on monitoring, securing, and optimizing third-party JavaScript, joins SE Radio host Kanchan Shringi for a conversation about the security risks posed by thir…

SE Radio 641: Catherine Nelson on Machine Learning in Data Science
Duration: 48:19
Catherine Nelson, author of the new O'Reilly book Software Engineering for Data Scientists, discusses the collaboration between data scientists and software engineers, an increasingly common pairing on machine learnin…

SE Radio 640: Jonathan Horvath on Physical Security
Duration: 59:19
Jonathan Horvath of Z-bit discusses physical access control systems (PACS) with host Jeremy Jung. They start with an overview of PACS components and discuss the proprietary nature of the industry, the slow pace of migrat…

SE Radio 639: Cody Ebberson on Regulated Industries
Duration: 39:20
Cody Ebberson, CTO of Medplum, joins host Sam Taggart to discuss the constraints that working in regulated industries add to the software development process. They explore some general aspects of developing for regulated…