Dark mode: ON

Infosec Decoded Season 4 #27: XZ Backdoor

With Doug Spindler and @sambowne@infosec.exchange

Tue, Apr 2, 2024

Doug Spindler

Can deepfakes be used for the greater good?
Deep fakes being used in Arizona politics for the “Greater Good”?
Kari Lake who lost election in Arizona complaining election was stolen by voter fraud
Now made a video telling voters about voter fraud from Deep fakes, but the video is a deep fake

Gmail turned 20 on April 1st - on April 1st , 2024
one of the first programs With data stored in the cloud

An Accidental Discovery of a Backdoor Likely Prevented Thousands of Infections
What we know about the xz Utils backdoor that almost infected the world
Problem using open source software and libraries maintain by one person
XZ Library widely used for compressing files and login and Macs/Home Brew and Linux
A ”Supply Chain attack”
SSH Back door
XZ vulnerability found by accident by Microsoft engineer
Engineer happened to notice a library was taking 500 milliseconds longer then it should to run
Years in the planning
Back patching down grading for Macs and Linux
Related - Browser plugin malware - Legitimate Browser plugin authors offered large some of money to include tracking software in plugin. Plug-in authors are tracking number of request…. 90 so far

Sam Bowne

Rust developers at Google are twice as productive as C++ teams

This cap is a big step towards universal, noninvasive brain-computer interfaces

Google agrees to delete Incognito data despite prior claim that’s “impossible”