19: Sunburst and Securing Your Supply Chain

Today, Brandon and Eric take a look Solarburst, the Solar Winds vulnerability that led to one of the biggest breaches in years. You'll get their take on the impact as well as stop by the Productivity Corner to discuss 30-60-90. All that and more on this episode of the Sudo Show! Destination Linux Network (https://destinationlinux.network) Sudo Show Website (https://sudo.show) Sponsor: Digital Ocean (https://do.co/dln) Sponsor: Bitwarden (https://bitwarden.com/dln) Sudo Show Swag (https://sudo.show/swag) UPDATED! Contact Us: DLN Discourse (https://sudo.show/discuss) Email Us! (mailto:contact@sudo.show) Matrix: +sudoshow:matrix.org Digital Ocean: Jump Start Your Startup with DigitalOcean App Platform (https://www.digitalocean.com/blog/jump-start-your-startup-with-digitalocean-app-platform/) SolarWinds (https://www.solarwinds.com/) OpenNMS (https://www.opennms.com/) Fireeye (https://www.fireeye.com/) Sunburst: Arstechnica: Feds Wrn that Solarwinds Hackers Likely Used Other Ways to Breach Networks (https://arstechnica.com/information-technology/2020/12/feds-warn-that-solarwinds-hackers-likely-used-other-ways-to-breach-networks/) Arstechnica: Microsoft is Reportly Added to the Growing List of Victims (https://arstechnica.com/information-technology/2020/12/microsoft-is-reportedly-added-to-the-growing-list-of-victims-in-solarwinds-hack/) ZDNet: The More We Learn the Worse It Looks (https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/) CNN: US Officials Scramble to Deal with Suspected Russian Hack of Government Agencies (https://www.cnn.com/2020/12/14/politics/us-agencies-hack-solar-wind-russia/index.html) Open Source Hacks: Mint: Beware of Hacked ISOs (https://blog.linuxmint.com/?p=2994) Fossbyes: Fake Kodi Repos Hijack GitHub (https://fossbytes.com/fake-kodi-repos-hijack-github/) The Register: Leaky S3 Buckets (https://www.theregister.com/2020/08/03/leaky_s3_buckets/) Protecting Your Supply Chain: Docker Certification Program (https://www.docker.com/blog/announcing-docker-certified/) ReproducibleBuilds.Org (https://reproducible-builds.org/) Tidelift (https://tidelift.com/) Linux Foundation: Preventing Supply Chain Attacks Like Solarwinds (https://www.linuxfoundation.org/en/blog/preventing-supply-chain-attacks-like-solarwinds) Open Source Security Foundation (https://openssf.org/) Palo Alto: What is a Zero Trust Architecture (https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture) GitHub: Third Party Code Scanning (https://github.blog/2020-10-05-announcing-third-party-code-scanning-tools-static-analysis-and-developer-security-training/) GitLab: Dependency Scanning (https://docs.gitlab.com/ee/user/application_security/dependency_scanning/) Productivity Corner: 30-60-90 Amazon: The First 90 Days, Michael D. Watkins (https://amzn.to/36bykB6) Disclaimer, this is an Affiliate link. A percentage of your purchase will go to support the Sudo Show!