Josh and Kurt talk about attacks against PyTorch and npm. The PyTorch attack shows the difficulty of operating a large open source project. The npm situation continues to show how hard it is to backdoor open source: many people are watching, it only takes one person to notice a problem and report it, and everyone benefits.
Show Notes
- Peanut Butter the dog plays Gyromite
- The Wizard movie
- PyTorch supply chain attack
- npm Package Found Delivering Sophisticated RAT
- Deceptive Deprecation: The Truth About npm Deprecated Packages
- Changing a lightbulb
- Spelunking the Bitcoin Blockchain with Josh Bressers | CypherCon 4.0
- Operation Triangulation - What You Get When Attack iPhones of Researchers
- 9th Annual State of the Software Supply Chain