XZ: The day the internet (almost) died - Reinier & Roel / Lombok Team

Hosted By
Thomas D.

Details

In March we are pleased to present a very special highlight from our "Beyond the Horizon" category:
The creators of Project Lombok, Roel Spilker and Reinier Zwitserloot, are visiting us again as part of their JUG tour and will present their latest talk, "XZ: The day the internet (almost) died". This time the focus is not primarily Java but software security in general, and specifically security in the software build process: which attack vectors exist against the software supply chain and how one can protect against them.

Afterwards, the Java experts will be available for an Ask-Me-Anything (AMA) session.

The talk and the AMA session will be held in English. This time the meeting takes place on a Monday, because the Lombok guys want to start their JUG tour with us :)

Talk & slides will be in English.

We look forward to a pleasant evening together!

/Abstract
A curious blip in a timing test made Andres Freund (a PostgreSQL developer) raise an eyebrow and investigate. Little did he know he would uncover one of the most elaborate hacking attempts known to date using an open source project.
A team of Russian hackers had been working for over a year on infiltrating an open source project called XZ Utils (also known as LZMA Utils). They came eerily close to having a compromised version shipped as part of the 'stable' releases of various Linux distributions, including Debian. You know: the stuff that 90% of the internet runs on. It would have allowed the hackers to log in as root to virtually every machine running Linux with SSH open, anywhere on the planet.
This talk is for programmers. We'll show you exactly how the hackers compromised XZ, and which James Bond-like shenanigans they used to mislead the maintainer. Can you spot the error in a pull request that was put there intentionally to disable a security feature? Do you know how one sneaks a binary executable into a project build, when Linux maintainers ordinarily demand that everything can be built from source?
As maintainers of Lombok, we'll also give some advice to those who maintain or rely on open source software.
WARNING: You will leave the room in awe of the games the attackers played. You will be scared witless too: by how close we came to disaster, and by how none of the current safety measures that aim to prevent supply-chain attacks would have been able to stop this attack.

/Bio
Reinier Zwitserloot is co-founder and development lead at Zorg op Orde, helping general practitioners and bridging the gap between medical researchers and the waiting room. Together with Roel Spilker he is the inventor of Project Lombok, a compiler/IDE plugin that brings the Java programming language into the next decennium.
Roel Spilker is a technology evangelist at TOPdesk. He has been a professional Java programmer and teacher since 1999, and has long been a fan of compile-time checking. Together with Reinier Zwitserloot he is the inventor of Project Lombok, a compiler/IDE plugin that brings the Java programming language into the next decennium.

Java User Group Saarland (JUGSaar)
eurodata AG
Großblittersdorfer Str. 257-259, Saarbrücken
FREE