OWASP Oopsies and Calling XZ What It Is - ThreatWire
- Published 25 Jul 2024
- ⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
Support ThreatWire → / threatwire
@endingwithali →
Twitch: / endingwithali
Twitter: / endingwithali
YouTube: / @endingwithali
Everywhere else: links.ali.dev
@0xTib3rius
Twitter: / 0xtib3rius
Twitch: / 0xtib3rius
YouTube: / tib3rius
Everywhere else: tib3rius.com/
@TracketPacer
Twitter: / tracketpacer
YouTube: / tracketpacer
TikTok: / tracketpacer
Everywhere else: www.tracketpacer.com/
[❗] Join the book club on Patreon→ / threatwire
0:00 - Intro
0:11 - Backdoor in XZ-Utils
4:46 - OWASP Oopsies
5:30 - UPDATE: NVD has broken its silence
8:14 - UPDATE: AT&T Finally Admits The L
8:57 - OUTRO
LINKS
🔗 Story 1: Backdoor in XZ-Utils
mastodon.social/@AndresFreund...
www.wiz.io/blog/cve-2024-3094...
bsky.app/profile/filippo.abys...
www.mail-archive.com/xz-devel...
www.openwall.com/lists/oss-se...
boehs.org/node/everything-i-k...
gist.github.com/thesamesam/22...
🔗 Story 2: OWASP Oopsies
/ 1774851614752313460
www.bleepingcomputer.com/news...
owasp.org/blog/2024/03/29/OWA...
🔗 Story 3: UPDATE: NVD has broken its silence
www.first.org/conference/vuln...
www.infosecurity-magazine.com...
sos-vo.org/news/nist-unveils-...
nvd.nist.gov/general/news/nvd...
🔗 Story 4: UPDATE: AT&T Finally Admits The L
www.securityweek.com/att-says...
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award-winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong. - Science & Technology
Sorry this week's episode was late!!! We are working through some production line optimizations for making ThreatWire - we will be back to being a well-oiled machine very soon!
Thank you for understanding!!!
One of the biggest web consortiums is the W3C (World Wide Web Consortium), which supports the development of web standards and accessibility.
Omg ya ofc!!! Totally forgot about this one!!!! Such an important one
Notably, the W3C didn't develop HTML5. In fact, it was developed in spite of them, and they were ultimately told by everyone else that they needed to get on board with it or get out of the way. The WCAG 2.0 are also kinda BS, but they're sticking to that one because the industry doesn't care about web accessibility enough to push back (and nobody wants the PR of being "anti-disability" when ambivalence will suffice).
Your delivery is really improving with every episode, keep it up Amy!
Who?
xP, LOL
@VincentThePhotog He means Eva.
ALI Diamond 💎 jokester lol
Andres Freund deserves a Cuckoo's Egg award from Cliff Stoll.
It is one of the craziest exploits. Great coverage Ali cheers.
That backdoor did not make it to full distribution... can you imagine if it did, and how many have already gone through? 😅
@projectsspecial9224 would be terrible
You're doing such a good job, and it's been really awesome watching you grow more and more comfortable in front of a camera, and your writing too. I do have one unsolicited suggestion, but I feel it will really help: when reading off acronyms (like OWASP), it would really help if you read off what it stood for and just quickly said what they do, just once in the episode, so I don't have to google it 😂 Some of us aren't in netsec all day but love the tech news.
Omg! Ya, I'll do this next time! Great feedback
Thank you for the coverage Ali! I appreciate how you show care for the dedicated few working on those repos
Thank you. As usual, a very informational video. Keep it up. A great fan of Ali Diamond.
Loved the April Fool's video. Your deadpan delivery was perfect
Love the work you do Ali🎉
Great video! Great info!
I literally avoided all other vids on XZ so I could get the breakdown here, GG!
"Is your name Ali Diamond?"
"No, mine's Clarence!"
Great job!! Alice👍🏻
Thank you for concise explanation
Thank you, Ali (and Brewski), for keeping Threat Wire alive. I always enjoy your updates and insights
Thanks Amy... 😂😂😂 I appreciate the great content Ali. Have a wonderful day.
Nice video! Keep it up, Abby!
Good job. I noticed a trend: the news in this video seems to come down to staffing resources. Hopefully over the coming years we can focus on pumping more people power into the areas that need it.
Love the show
great job
Kudos on the Mastodon screenshot!
Who should I follow on Mastodon!!! I've not spent too much time on there
@endingwithali Loved this episode but now I need to know where you got those gorgeous earrings!
askandembla.net/products/sacred-heart-earrings !
the puppies deserve more camera time.
Good video Amanda.
I've seen several variations of Ali, like Allye, Aly, Alie. Someone typing Amy must have hearing problems. His or her brain is just filling in missing information.
On the plus side, you could always use Al Lee where that might be beneficial. He's the one armed man you're looking for officer. 😁
Shalom
Or....it was a typo...
Ali with an i…Karate Kid flashback 😅
This format rocks. Ignore the haters.
Does Bruceski have an IG?
Anyone else think that perhaps this might be bigger than just a few nefarious individuals, and instead corporations?
Just wanted to drop a line to say I think you're doing a great job. You had some big boots to fill. I normally watch on my TV so don't get to comment.
Imagine having to announce a data breach on April 1st. Insult to injury there.
You slayed this episode
Thank youuuuu
@endingwithali Keep up the great work, and if I may offer some advice: keep being yourself, but get comfortable with your audience. I hope you aren't being given a strict script and can be comfortable with the content. Thanks for all you do and for keeping ThreatWire alive; keep up the great work. Please take feedback in stride; we appreciate it. One more thing: not sure if Hak5 has you nervous, but you're great and comfortable on your channel. While this is for work, we hope you get just as comfortable with your audience professionally and a bit more casually. Again, you're helping keep the ThreatWire segment alive, so thank you.
😍😍
framed Constellation Project NSA
Great episode. Enjoyed the news covered, but also enjoy the dogs - how many do you own?
Audio changed slightly from the start to the end, great article nonetheless! Love the pug
1:39 it sounds like a confused MITM
4:24 I don't manage many repo containers, but I am a chronic back pain sufferer, and ergonomics correctness is the only thing that helps at a certain point.
That's for the lols.
7:46 You can't. Actually, I always thought the business logic in terms of an IDOR is, in reality, exactly this.
Is your name "עליה" (Aliya)?
I sometimes feel that Ali is sad 😅
DARPA nanotechnology soldier look me up Unix philosophy systems V
pulleralarm
Amy is beautiful ❤️
State-backed actors.
Pizza
I keep telling people not to pay ransom because 1. they (or an associate) will come back later and try again (you paid once, so you'll pay again is the thinking). 2. they will, absolutely, no question, no ifs or buts, sell on your data regardless as to whether you pay up or not.
Your dog is such a cutie!! Also, I hope the guy who planted the backdoor goes to jail or never gets a job in tech ever again.
Why are people connecting Andres to Microsoft? 🤣 He is not related to MS, to my understanding.
I was going to say something... but pug. Pug stole it. Puggiest pug that pugged! 😄
What is this name? I didn't understand, is it Aliya or Ali?
So we don't get confused, she also put on the necklace with the name in English above, lol. I never really understood this thing with the name on the pendant; is it meant to remind someone who forgot, or what?!
There are those who forget.
@tntomega They'll forget to wear the necklace too, and then what?!
@MI-wc6nk A problem, bro, a problem....
Doggy!
This isn't a "supply chain attack." Open source maintainers aren't vendors.
Damn Dimples! Looking good girl.💓💓💓💞💞💞💘💘💘
I miss Shannon. The format just sucks now.
Please change the host; we want the original host back!!