XZ Utils Backdoor

Hello Protocols, Packets, Programs, and…Problems,

I have some errata for our last episode that just so happened to fall on April Fool’s.

We covered articles from 2004 instead of 2024.

I apologize for the error and am reviewing how we could have mistaken appsec challenges from two decades ago as indistinguishable from today.

I understand now that it might take yet one more version of a top 10 list to raise enough awareness about SQL injection to eradicate it as a vuln class.

I realize now that calling for the death of passwords in 2004 was premature, since it’s apparently still important to make users read password composition instructions before they can handle better choices like passkeys and other hardware-backed solutions.

This intro was, of course, a nod to last week’s episode 279, where we did a news segment as if it were 2004 instead of 2024.


Check out this episode's show notes for links to the articles we covered. And please take a moment to subscribe.