event-stream: Analysis of a Compromised npm Package
Episode Synopsis
Once again, the pattern of taking over a known package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speak with Thomas Hunter, Software Developer at Intrinsic and author of "Compromised npm Package: event-stream", and Brian Fox, CTO of Sonatype, author of the Forbes "Open Source Developers And Infrastructure Are The New Front Line Of Security?" article.
Compromised npm Package: event-stream
https://medium.com/intrinsic/compromi...
Open Source Developers And Infrastructure Are The New Front Line Of Security
https://www.forbes.com/sites/forbestechcouncil/2018/05/11/open-source-developers-and-infrastructure-are-the-new-front-line-of-security/#2ad9e84457c2
Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof
https://blog.sonatype.com/open-source-software-is-under-attack-new-event-stream-hack-is-latest-proof