Once again, the pattern of taking over a known package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speak with Thomas Hunter, Software Developer at Intrinsic and author of "Compromised npm Package: event-stream", and Brian Fox, CTO of Sonatype and author of the Forbes "Open Source Developers And Infrastructure Are The New Front Line Of Security?" article.

Compromised npm Package: event-stream
https://medium.com/intrinsic/compromi...

Open Source Developers And Infrastructure Are The New Front Line Of Security
https://www.forbes.com/sites/forbestechcouncil/2018/05/11/open-source-developers-and-infrastructure-are-the-new-front-line-of-security/#2ad9e84457c2

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof
https://blog.sonatype.com/open-source-software-is-under-attack-new-event-stream-hack-is-latest-proof