Episode 535: Dan Lorenc on Supply Chain Attacks

Software Engineering Radio - the podcast for professional software developers

How to Log a Malicious Password Into a JVM

If I'm the bad guy then I put a string in my malicious password or my malicious HTTP header. It would maybe have a dollar sign or something around it to tell the interpreter that it's code. The interpreter will then run that code and do whatever it does. That's how this was triggered. People would just put a URL containing a malicious jar and then click the URL for logging.
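A defensive check for the pattern described above, as an added example that is not from the episode or from any logging project: it finds `${...}` expressions in untrusted fields and redacts them before the value reaches a logger. The `${...}` syntax, the field names, the sample request and the `[lookup removed]` marker are all assumptions made for illustration.

```python
MARKER = "[lookup removed]"  # hypothetical redaction marker

def lookup_spans(value: str) -> list[tuple[int, int]]:
    """Return (start, end) of every top-level ${...} expression.

    Nested expressions are folded into their outermost span, and an
    unterminated "${" is reported through to the end of the string.
    """
    spans, i = [], 0
    while (start := value.find("${", i)) != -1:
        depth, j = 0, start
        while j < len(value):
            if value.startswith("${", j):
                depth, j = depth + 1, j + 2
                continue
            if value[j] == "}":
                depth -= 1
                if depth == 0:
                    j += 1
                    break
            j += 1
        spans.append((start, j))
        i = j
    return spans

def redact(value: str) -> str:
    """Replace each expression with MARKER.

    Substituting a marker (rather than deleting) keeps the text on either
    side from joining up into a fresh "${" after redaction.
    """
    out, last = [], 0
    for start, end in lookup_spans(value):
        out += [value[last:start], MARKER]
        last = end
    out.append(value[last:])
    return "".join(out)

def audit(fields: dict[str, str]) -> dict[str, str]:
    """Map each field that carried an expression to its redacted form."""
    return {k: redact(v) for k, v in fields.items() if lookup_spans(v)}

# Constructed sample request; lookup names and host are placeholders.
SAMPLE_REQUEST = {
    "User-Agent": "Mozilla/5.0",
    "X-Client-Id": "${lookup:placeholder.example/a}",
    "password": "hunter2${outer:${inner:x}}",
}

if __name__ == "__main__":
    for name, cleaned in audit(SAMPLE_REQUEST).items():
        print(f"flagged {name}: {cleaned}")
```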
