63 min listen
The insider perspective on the event-stream compromise (Interview)
The insider perspective on the event-stream compromise (Interview)
ratings:
Length:
69 minutes
Released:
Dec 5, 2018
Format:
Podcast episode
Description
Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts. They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainer-ship of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.
Released:
Dec 5, 2018
Format:
Podcast episode
Titles in the series (100)
Riak, the New Erlang-based NoSQL Store: with Andy Gross and Sean Cribbs by The Changelog: Software Development, Open Source