XZ Backdoor: A FOSS Danger Story

Episode 104 of The Watchman Privacy Podcast – XZ Backdoor: A FOSS Danger Story

Gabriel Custodiet speaks with Urban Hacker about the infamous XZ backdoor incident by which a key piece of software in the Linux kernel was nearly hijacked. The attacker spent four years slowly ingratiating himself into the small community, which had been selected precisely because it consisted of a single burned-out developer. Follow us as we unravel this bizarre and disturbing story of premeditated digital attack and what it means for free and open-source software and our own cybersecurity.

Mentioned
→https://urbanhacker.net/a-closer-look-at-the-social-engineering-behind-the-xz-backdoor-part-one/
→https://en.wikipedia.org/wiki/XZ_Utils_backdoor

Guest Links
→ https://urbanhacker.net/
→ https://twitter.com/realUrbanHacker
→ https://t.me/Realurbanhacker (Telegram)
→ https://tallycoin.app/@realurbanhacker/the-orange-pill-simulator-zzjq3lmF (Urban Hacker’s Bitcoin game)

WATCHMAN PRIVACY
→ https://watchmanprivacy.com (Yes: I offer consulting)
→ https://twitter.com/watchmanprivacy
→ https://escapethetechnocracy.com/

CRYPTO DONATIONS
→8829DiYwJ344peEM7SzUspMtgUWKAjGJRHmu4Q6R8kEWMpafiXPPNBkeRBhNPK6sw27urqqMYTWWXZrsX6BLRrj7HiooPAy (Monero)
→https://btcpay0.voltageapp.io/apps/3JDQDSj2rp56KDffH5sSZL19J1Lh/pos (BTC)

Timeline
0:00 – Introduction
2:25 – What is XZ Utils?
4:17 – How does GitHub work?
15:15 – Summary of XZ Utils backdoor incident
18:00 – Social engineering
21:00 – Technical implementation of the backdoor attack
28:00 – Potential consequences of this attempted attack
30:10 – How was it found?
33:00 – Does this expose a major weakness of FOSS?
38:25 – Similar supply chain cyber attacks
43:00 – Final thoughts

#XZBackDoor #UrbanHacker #WatchmanPrivacy