OWASP Oopsies and Calling XZ What It Is - ThreatWire

16,561 views

Hak5

A day ago

⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
Support ThreatWire → / threatwire
@endingwithali →
Twitch: / endingwithali
Twitter: / endingwithali
KZfaq: / @endingwithali
Everywhere else: links.ali.dev
@0xTib3rius
Twitter: / 0xtib3rius
Twitch: / 0xtib3rius
KZfaq: / tib3rius
Everywhere else: tib3rius.com/
@TracketPacer
Twitter: / tracketpacer
KZfaq: / tracketpacer
TikTok: / tracketpacer
Everywhere else: www.tracketpacer.com/
[❗] Join the book club on Patreon→ / threatwire
0:00 Intro
0:11 - Backdoor in XZ-Utils
4:46 - OWASP Oopsies
5:30 - UPDATE: NVD has broken its silence
8:14 - UPDATE: AT&T Finally Admits The L
8:57 - OUTRO
LINKS
🔗 Story 1: Backdoor in XZ-Utils
mastodon.social/@AndresFreund...
www.wiz.io/blog/cve-2024-3094...
bsky.app/profile/filippo.abys...
www.mail-archive.com/xz-devel...
www.openwall.com/lists/oss-se...
boehs.org/node/everything-i-k...
gist.github.com/thesamesam/22...
🔗 Story 2: OWASP Oopsies
/ 1774851614752313460
www.bleepingcomputer.com/news...
owasp.org/blog/2024/03/29/OWA...
🔗 Story 3: UPDATE: NVD has broken its silence
www.first.org/conference/vuln...
www.infosecurity-magazine.com...
sos-vo.org/news/nist-unveils-...
nvd.nist.gov/general/news/nvd...
🔗 Story 4: UPDATE: AT&T Finally Admits The L
www.securityweek.com/att-says...
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.

Comments: 94
@endingwithali 2 months ago
Sorry this week’s episode was late !!! We are working through some production line optimizations for making threatwire - we will be back to being a well-oiled machine very soon! Thank you for understanding!!!
@leo_warren 2 months ago
One of the biggest web consortiums is W3C (World Wide Web Consortium), who support the development of web standards and accessibility.
@endingwithali 2 months ago
Omg ya ofc !!! Totally forgot about this one !!!! Such an impt one
@knghtbrd 2 months ago
Notably the W3C didn't develop HTML5. In fact it was developed in spite of them, and they were ultimately told by everyone else that they needed to get on board with it or get out of the way. The WCAG 2.0 are also kinda BS, but they're sticking to that one because the industry doesn't care about web accessibility enough to push back (and nobody wants the PR of being "anti-disability" when ambivalence will suffice).
@thefrub 2 months ago
Your delivery is really improving with every episode, keep it up Amy!
@VincentThePhotog 2 months ago
Who?
@mrkmdz 2 months ago
xP, LOL
@ftheilig 2 months ago
@VincentThePhotog He means Eva.
@mattd03411 2 months ago
ALI Diamond 💎 jokester lol
@mrkmdz 2 months ago
Andres Freund deserves a Cuckoo's Egg award from Cliff Stoll.
@mytechnotalent 2 months ago
It is one of the craziest exploits. Great coverage Ali, cheers.
@projectsspecial9224 2 months ago
That backdoor did not make it to full distribution ... can you imagine if it did and how many have already gone through?😅
@mytechnotalent 2 months ago
@projectsspecial9224 would be terrible
@LucidEnemy 2 months ago
You're doing such a good job, and it’s been really awesome watching you grow more and more comfortable in front of a camera and in your writing. I do have one unsolicited suggestion, but I feel it will really help: when reading off acronyms (like OWASP), it would really help if you read off what it stood for and just quickly said what they do, just like once in the episode, so I don’t have to google it 😂 Some of us aren’t in netsec all day but love the tech news.
@endingwithali 2 months ago
Omg! Ya I’ll do this next time ! Great feedback
@Secret-Robot 2 months ago
Genuine well-intentioned constructive feedback, nice. That's what makes us a community.
@simonvannarath 2 months ago
"Is your name Ali Diamond?" "No, mine's Clarence!"
@osielramirez7274 2 months ago
Thank you for the coverage Ali! I appreciate how you show care for the dedicated few working on those repos
@A_F_Innovate 2 months ago
Love the work you do Ali🎉
@GrueTurtle A month ago
Loved the April Fool's video. Your deadpan delivery was perfect
@fazalhayat7848 2 months ago
Thank you. As usual, a very informational video. Keep it up. A great fan of Ali Diamond.
@NickyP217 2 months ago
Great video! Great info!
@knewdist 2 months ago
Great job!! Alice👍🏻
@sanantohomie 2 months ago
I literally avoided all other vids on XZ so I could get the breakdown here, GG!
@saltyroe3179 2 months ago
Thank you for the concise explanation
@stuxed 2 months ago
Kudos on the Mastodon screenshot!
@endingwithali 2 months ago
Who should I follow on mastodon!!! I’ve not spent too much time on there
@CedroCron 2 months ago
Thanks Amy... 😂😂😂 I appreciate the great content Ali. Have a wonderful day.
@dylansolis4599 2 months ago
Love the show
@WheezyE 2 months ago
Thank you, Ali (and Brewski), for keeping Threat Wire alive. I always enjoy your updates and insights
@batica81 2 months ago
Nice video! Keep it up, Abby!
@user-tx3sn8gk9j 2 months ago
great job
@BabasBurek 2 months ago
Good job. I noticed a trend: the news in this video seems to come down to staffing resources. Hopefully over the coming years we can focus on pumping more people power to the areas that need it.
@MizzMoxie 2 months ago
@endingwithali Loved this episode but now I need to know where you got those gorgeous earrings!
@endingwithali 2 months ago
askandembla.net/products/sacred-heart-earrings !
@NormanLyon 2 months ago
The puppies deserve more camera time.
@warrenphilips8441 2 months ago
I've seen several variations to Ali, like Allye, Aly, Alie. Someone typing Amy must have hearing problems. His or her brain is just filling in missing information. On the plus side, you could always use Al Lee where that might be beneficial. He's the one-armed man you're looking for, officer. 😁 Shalom
@FlameForgedSoul 2 months ago
Or....it was a typo...
@Secret-Robot 2 months ago
Rules of Engagement, good idea, especially for neurotic balls of anxiety like me.
@tibettenballs4962 2 months ago
Wot mate? Ru on something ? Oi is your mind in the right state? Plz d Tell.
@Secret-Robot 2 months ago
@tibettenballs4962 What!? No, I'm not on anything and my mental faculties are something you'll never comprehend. You never know what someone has gone through, never assume anything about anyone. No need to be a git, mate. FYI - I was talking about the book club R.O.E
@tibettenballs4962 2 months ago
@Secret-Robot sry mate, didn’t mean to come off awry ! Blessed ma bruther
@Secret-Robot 2 months ago
@tibettenballs4962 all good, appreciate it.
@Secret-Robot 2 months ago
@tibettenballs4962 It's all good, much appreciated.
@t3keen0ob 2 months ago
Ali with an i…Karate Kid flashback 😅
@streetinfamy 2 months ago
Anyone else think perhaps and maybe this might be bigger than just a few nefarious individuals and instead corporations?
@zaelectricalltd1 2 months ago
This format rocks. Ignore the haters
@maxime_vhw 2 months ago
Good video Amanda.
@Codex_of_Wisdom 2 months ago
Imagine having to announce a data breach on April 1st. Insult to injury there.
@user-td4pf6rr2t A month ago
1:39 it sounds like a confused MITM. 4:24 I don't manage many repo containers but I am a chronic back pain sufferer and ergonomics correctness is the only thing that helps at a certain point. That for the Lols. 7:46 You can't. Actually I always thought the business logic in terms of an IDOR is in reality, exactly this.
@anounTT 2 months ago
Does Bruceski have an IG?
@ChuckNorris-lf6vo 2 months ago
😍😍
@user-uz4ti5zs8z 2 months ago
framed Constellation Project NSA
@RichardEricCollins 2 months ago
Just wanted to drop a line to say I think you're doing a great job. You had some big boots to fill. I normally watch on my TV so don't get to comment.
@nickiminajwannabe 2 months ago
You slayed this episode
@endingwithali 2 months ago
Thank youuuuu
@timscott84 2 months ago
@endingwithali keep up the great work and if I may offer some advice, keep being yourself but get comfortable with your audience. I hope you aren't being given a strict script and can be comfortable with the content. Thanks for all you do and keeping Threatwire alive, keep up the great work. Please take feedback in stride, we appreciate it. One more thing, not sure if HAK5 has you nervous, but you're great and comfortable on your channel. While this is for work, we hope you get just as comfortable with your audience professionally and a bit more casually. Again, you're helping keep the Threatwire segment alive so thank you.
@Secret-Robot 2 months ago
It's official, I'm going to college for computer science!
@eyezikandexploits 2 months ago
Don't do college, I promise you, the people I know that went to college for it vs the people who didn't and just learned the stuff through courses and online. Yeah the college ones regret it and learned less
@mattd03411 2 months ago
Lmao you won't make it just by that statement alone.
@mattd03411 2 months ago
To elaborate, hacking and tech is an addiction to curiosity and knowledge. If you haven't picked up a book already and started, you don't have the messed-up head that's needed to succeed in the field.
@itayblasbalg4504 2 months ago
Is your name "עליה"?
@iyadahmed3773 2 months ago
I sometimes feel that Ali is sad 😅
@jonathanvasquez7595 2 months ago
DARPA nanotechnology soldier look me up Unix philosophy systems V
@RavyDavy 2 months ago
Great episode. Enjoyed the news covered, but also enjoy the dogs - how many do you own?
@DinoNucci 2 months ago
PizzA
@garrysingh4484 2 months ago
Amy is beautiful ❤️
@cpuuk 2 months ago
I keep telling people not to pay ransom because 1. they (or an associate) will come back later and try again (you paid once, so you'll pay again is the thinking). 2. they will, absolutely, no question, no ifs or buts, sell on your data regardless as to whether you pay up or not.
@bonecircuit9123 2 months ago
Audio changed slightly from the start to the end, great article nonetheless! Love the pug
@andrewr7820 2 months ago
State-backed actors.
@Secret-Robot 2 months ago
Pug!!!
@abuhamza2771 2 months ago
pulleralarm
@MikeRaja 2 months ago
Why are people connecting Andres to Microsoft? 🤣 He is not related to MS, as per my understanding.
@user-js4wi8mp7m 2 months ago
Your dog is such a cutie!! Also, I hope the guy who planted the backdoor goes to jail or never gets a job in tech ever again.
@tntomega 2 months ago
What is this name? I didn't understand, are you Aliyah or Ali?
@MI-wc6nk 2 months ago
So that we don't get confused, she also put on the necklace with the name in English above, haha. I never really understood this thing with the name on the pendant; is it meant to remind someone who forgot, or what?!
@tntomega 2 months ago
Some people forget
@MI-wc6nk 2 months ago
@tntomega They'll forget to wear the necklace too, and then what?!
@tntomega 2 months ago
@MI-wc6nk A problem, bro, a problem....
@infinitivez 2 months ago
I was going to say something... but pug. Pug stole it. Puggiest pug that pugged! 😄
@ZaberfangX 2 months ago
Doggy!
@zzco 2 months ago
This isn't a "supply chain attack." Open source maintainers aren't vendors.
@C.J... 2 months ago
Damn Dimples! Looking good girl.💓💓💓💞💞💞💘💘💘
@clickitsdone 2 months ago
I miss Shannon. The format just sucks now
@ronak3600 2 months ago
Please change the host, we want original host back!!