SE Radio 630: Luis Rodríguez on the SSH Backdoor Attack

SE Radio 630: Luis Rodríguez on the SSH Backdoor Attack

Author: team@se-radio.net (SE-Radio Team) August 22, 2024 Duration: 44:00
Software Engineering Radio - the podcast for professional software developers
TechnologyEducation

Luis Rodríguez, CTO of Xygeni.io, joins host Robert Blumen for a discussion of the recently thwarted attempt to insert a backdoor in the SSH (Secure Shell) daemon. OpenSSH is a popular implementation of the protocol used in major Linux distributions for authentication over a network. Luis describes how a backdoor in a supporting library was recently discovered and removed before the package was published to stable releases of the Linux distros. The conversation explores the mechanism of the attack through modifying a function table in the runtime; how the attack was inserted during the build; how the attack was carefully staged in a series of modifications to the lz compression library; the nature of "Jia Tan," the entity who committed the changes to the open source project; social engineering that the entity used to gain the trust of the open source community; what forensics indicates about the location of the entity; hypotheses about whether criminal or state actors backed the entity; how the attack was detected; implications for other open source projects; why traditional methods for detecting exploits would not have helped find this; and lessons learned by the community.

Brought to you by IEEE Computer Society and IEEE Software magazine.


For developers who build the world's most critical systems, Software Engineering Radio offers deep, substantive conversations that move beyond the hype cycle. This isn't about quick tips or news flashes; it's a dedicated audio library for career engineers seeking to solidify their foundational knowledge and explore advanced concepts. Each episode is crafted as an enduring resource, featuring either a comprehensive tutorial breaking down a specific technology or methodology, or a detailed interview with a leading practitioner shaping the field. You'll hear focused discussions on everything from low-level systems architecture and programming language design to team dynamics and project management, all through the lens of professional software creation. The content is exclusively produced for this podcast, ensuring thoughtful, in-depth analysis you won't find simply repackaged from conference talks. If your work demands a rigorous understanding of the craft, this is the podcast for you.
Author: Language: en-us Episodes: 100

Official website RSS
spotifydeezer
Software Engineering Radio - the podcast for professional software developers
Podcast Episodes
SE Radio 717: Eric Tschetter on Decoupling Observability [not-audio_url] [/not-audio_url]

Duration: 1:00:13
In this episode, host Amey Ambade sits with Eric Tschetter, co-founder of Apache Druid and Chief Architect at Imply, to dissect the critical move toward Decoupling Observability. To begin, they define three pillars—logs,…
SE Radio 716: Martin Kleppmann Local-First Software [not-audio_url] [/not-audio_url]

Duration: 55:14
Martin Kleppmann, Associate Professor at the University of Cambridge and author of the best-selling O'Reilly book Designing Data-Intensive Applications, talks to host Adi Narayan about local-first collaboration software.…
SE Radio 715: Sahaj Garg on Designing for Ambiguity in Human Input [not-audio_url] [/not-audio_url]

Duration: 48:02
Sahaj Garg, co-founder and CTO of Wispr, a voice-to-text AI that turns speech into polished writing, talks with host Amey Ambade about designing systems for the ambiguity that's inherent in human input (text, voice, mult…
SE Radio 714: Costa Alexoglou on Remote Pair Programming [not-audio_url] [/not-audio_url]

Duration: 51:27
Costa Alexoglou, co-founder of the open source Hopp pair-programming application, talks with host Brijesh Ammanath about remote pair programming. They start with a quick introduction to pair programming and its importanc…
SE Radio 712: Dan Lorenc on Sigstore [not-audio_url] [/not-audio_url]

Duration: 39:04
Dan Lorenc, co-founder and CEO of Chainguard, joins host Priyanka Raghavan to explore Sigstore and its role in securing the software supply chain. They unpack the challenges of supply chain security, including verifying…
SE Radio 711: Scott Hanselman on AI-Assisted Development Tools [not-audio_url] [/not-audio_url]

Duration: 1:02:15
Scott Hanselman, the VP of Developer Community at Microsoft, speaks with host Jeremy Jung about AI-assisted coding. They start by considering how the tools are a progression from syntax highlighting and autocomplete. Sco…
SE Radio 710: Marc Brooker on Spec-Driven AI Dev [not-audio_url] [/not-audio_url]

Duration: 1:03:27
Marc Brooker, VP and Distinguished Engineer at AWS, joins host Kanchan Shringi to explore specification-driven development as a scalable alternative to prompt-by-prompt "vibe coding" in AI-assisted software engineering.…
SE Radio 709: Bryan Cantrill on the Data Center Control Plane [not-audio_url] [/not-audio_url]

Duration: 1:05:02
Bryan Cantrill, the co-founder and CTO of Oxide Computer company, speaks with host Jeremy Jung about challenges in deploying hardware on-premises at scale. They discuss the difficulty of building up Samsung data centers…
SE Radio 708: Jens Gustedt on C in 2026 [not-audio_url] [/not-audio_url]

Duration: 59:27
Jens Gustedt, author of Modern C, senior scientist at the French National Institute for Computer Science and Control (INRIA), deputy director of the ICube lab, and former co-editor of the ISO C standard, speaks with SE R…

12345...10»