Help me find podcast about the Log4j social engineering
December 2, 2024 3:00 PM   Subscribe

I remember hearing a podcast about the Log4j vulnerability that focused on how the original author was badgered into handing over the project to someone who turned out to be a bad actor. I thought it was on RadioLab or Planet Money but can't find it on their sites.
posted by espertus to Technology (4 answers total)
 
Are you sure it was log4j? That's been an Apache project for a long time; the Log4Shell 0-day was found a few years ago, well after the project was under Apache's control.
posted by axiom at 3:09 PM on December 2, 2024


Yeah, that sounds like April's xz-utils supply chain breach, there's this episode of Planet Money about it.
posted by k3ninho at 3:14 PM on December 2, 2024 [5 favorites]


Could you be thinking of the backdoor inserted into the xz utility (discussed here)?

Edit: What k3ninho said.
posted by figurant at 3:15 PM on December 2, 2024 [1 favorite]


Response by poster: Thanks! It must have been xz-utils.
posted by espertus at 3:24 PM on December 2, 2024


« Older Hair razor not working, suggestions?   |   Do you live in Sturbridge, MA, or near there? Newer »

You are not logged in, either login or create an account to post comments