XZ made EZ by Joey DeVilla
- Published: 17 Sep 2024
Description
An easy-to-understand explanation of the recently announced supply-chain attack on the xz compression utility that just about every POSIX system (macOS included) has. It would include things like:
- What happened, and why is it a big deal?
- What is xz?
- The social engineering aspect of the hack
- The technological aspect of the hack
- A big open source weakness
- Mental health
- Lessons learned (so far)
The talk assumes that you know very little about programming and have only the barest understanding of cybersecurity (I’ll even give a one-minute explainer of public-key encryption). The idea is to communicate what happened, the effect the backdooring could have had, and what you should take away from the incident.