A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
Episode 413 - PyTorch and NPM get attacked, but it's OK
January 28, 2024
35:19
33.9 MB
Downloads: 0
Josh and Kurt talk about an attack against PyTorch and NPM. The PyTorch attack shows the difficulty of trying to operate a large open source project. The NPM problem is one of the difficulty in trying to backdoor open source. A lot of people are watching and it only takes one person to notice a problem and we all benefit.
Show Notes- Peanut Butter the dog plays Gyromite
- The Wizard movie
- PyTorch supply chain attack
- npm Package Found Delivering Sophisticated RAT
- Deceptive Deprecation: The Truth About npm Deprecated Packages
- Changing a lightbulb
- Spelunking the Bitcoin Blockchain with Josh Bressers | CypherCon 4.0
- Operation Triangulation - What You Get When Attack iPhones of Researchers
- 9th Annual State of the Software Supply Chain