19: Sunburst and Securing Your Supply Chain
Sudo Show
English - February 18, 2021 12:00 - 30 minutes - 25.3 MBTechnology Education Self-Improvement devops cloud native technology sudo linux open source work from home productivity red hat foss Homepage Download Google Podcasts Overcast Castro Pocket Casts RSS feed
Today, Brandon and Eric take a look Solarburst, the Solar Winds vulnerability that led to one of the biggest breaches in years. You'll get their take on the impact as well as stop by the Productivity Corner to discuss 30-60-90. All that and more on this episode of the Sudo Show!
Destination Linux Network (https://destinationlinux.network)
Sudo Show Website (https://sudo.show)
Sponsor: Digital Ocean (https://do.co/dln)
Sponsor: Bitwarden (https://bitwarden.com/dln)
Sudo Show Swag (https://sudo.show/swag) UPDATED!
Contact Us:
DLN Discourse (https://sudo.show/discuss)
Email Us! (mailto:[email protected])
Matrix: +sudoshow:matrix.org
Digital Ocean: Jump Start Your Startup with DigitalOcean App Platform (https://www.digitalocean.com/blog/jump-start-your-startup-with-digitalocean-app-platform/)
SolarWinds (https://www.solarwinds.com/)
OpenNMS (https://www.opennms.com/)
Fireeye (https://www.fireeye.com/)
Sunburst:
Arstechnica: Feds Wrn that Solarwinds Hackers Likely Used Other Ways to Breach Networks (https://arstechnica.com/information-technology/2020/12/feds-warn-that-solarwinds-hackers-likely-used-other-ways-to-breach-networks/)
Arstechnica: Microsoft is Reportly Added to the Growing List of Victims (https://arstechnica.com/information-technology/2020/12/microsoft-is-reportedly-added-to-the-growing-list-of-victims-in-solarwinds-hack/)
ZDNet: The More We Learn the Worse It Looks (https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/)
CNN: US Officials Scramble to Deal with Suspected Russian Hack of Government Agencies (https://www.cnn.com/2020/12/14/politics/us-agencies-hack-solar-wind-russia/index.html)
Open Source Hacks:
Mint: Beware of Hacked ISOs (https://blog.linuxmint.com/?p=2994)
Fossbyes: Fake Kodi Repos Hijack GitHub (https://fossbytes.com/fake-kodi-repos-hijack-github/)
The Register: Leaky S3 Buckets (https://www.theregister.com/2020/08/03/leaky_s3_buckets/)
Protecting Your Supply Chain:
Docker Certification Program (https://www.docker.com/blog/announcing-docker-certified/)
ReproducibleBuilds.Org (https://reproducible-builds.org/)
Tidelift (https://tidelift.com/)
Linux Foundation: Preventing Supply Chain Attacks Like Solarwinds (https://www.linuxfoundation.org/en/blog/preventing-supply-chain-attacks-like-solarwinds)
Open Source Security Foundation (https://openssf.org/)
Palo Alto: What is a Zero Trust Architecture (https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture)
GitHub: Third Party Code Scanning (https://github.blog/2020-10-05-announcing-third-party-code-scanning-tools-static-analysis-and-developer-security-training/)
GitLab: Dependency Scanning (https://docs.gitlab.com/ee/user/application_security/dependency_scanning/)
Productivity Corner: 30-60-90
Amazon: The First 90 Days, Michael D. Watkins (https://amzn.to/36bykB6)
Disclaimer, this is an Affiliate link. A percentage of your purchase will go to support the Sudo Show!
Today, Brandon and Eric take a look Solarburst, the Solar Winds vulnerability that led to one of the biggest breaches in years. You'll get their take on the impact as well as stop by the Productivity Corner to discuss 30-60-90. All that and more on this episode of the Sudo Show!
Destination Linux Network
Sudo Show Website
Sponsor: Digital Ocean
Sponsor: Bitwarden
Sudo Show Swag UPDATED!
Contact Us:
DLN Discourse
Email Us!
Matrix: +sudoshow:matrix.org
Digital Ocean: Jump Start Your Startup with DigitalOcean App Platform
Sunburst:
Arstechnica: Feds Wrn that Solarwinds Hackers Likely Used Other Ways to Breach Networks
Arstechnica: Microsoft is Reportly Added to the Growing List of Victims
ZDNet: The More We Learn the Worse It Looks
CNN: US Officials Scramble to Deal with Suspected Russian Hack of Government Agencies
Open Source Hacks:
Mint: Beware of Hacked ISOs
Fossbyes: Fake Kodi Repos Hijack GitHub
The Register: Leaky S3 Buckets
Protecting Your Supply Chain:
Docker Certification Program
ReproducibleBuilds.Org
Tidelift
Linux Foundation: Preventing Supply Chain Attacks Like Solarwinds
Open Source Security Foundation
Palo Alto: What is a Zero Trust Architecture
GitHub: Third Party Code Scanning
GitLab: Dependency Scanning
Productivity Corner: 30-60-90
Amazon: The First 90 Days, Michael D. Watkins
Disclaimer, this is an Affiliate link. A percentage of your purchase will go to support the Sudo Show!
Sponsored By:
Digital Ocean: $100 Free Credit!Bitwarden