SE Radio 630: Luis Rodríguez on the SSH Backdoor Attack

Author: team@se-radio.net (SE-Radio Team)
Published: August 22, 2024
Duration: 44:00

Luis Rodríguez, CTO of Xygeni.io, joins host Robert Blumen for a discussion of the recently thwarted attempt to insert a backdoor in the SSH (Secure Shell) daemon. OpenSSH is a popular implementation of the protocol used in major Linux distributions for authentication over a network. Luis describes how a backdoor in a supporting library was recently discovered and removed before the package was published to stable releases of the Linux distros. The conversation explores the mechanism of the attack through modifying a function table in the runtime; how the attack was inserted during the build; how the attack was carefully staged in a series of modifications to the lz compression library; the nature of "Jia Tan," the entity who committed the changes to the open source project; social engineering that the entity used to gain the trust of the open source community; what forensics indicates about the location of the entity; hypotheses about whether criminal or state actors backed the entity; how the attack was detected; implications for other open source projects; why traditional methods for detecting exploits would not have helped find this; and lessons learned by the community.

Brought to you by IEEE Computer Society and IEEE Software magazine.
