Podcast Episode 299: It’s hard to get hacked worse than this
This week we chat about the massive Solarigate hack, how attitudes towards bullying have changed over the years, and the programming projects we have in mind for the holidays.
Episode Notes
There is a nice breakdown of the Solarigate attack here, but the most important thing to know is that just seeing the words BusinessLayer.dll is enough to make our eyes glaze over and our defenses go down.
One interesting second-order effect of this intrusion is that it will be difficult to know when all malicious code and access have really been removed. It brought to mind the classic Turing Award Lecture, Reflections on Trusting Trust by Ken Thompson.
If you’re trying to entertain kids over the holidays, Ben will be messing around with Roblox, which lets you create your own mini-games and has several hooks to deeper programming capabilities.
Our Lifeboat badge winner this week is Chinito, who answered the question of how you can: Set style using pure JavaScript
14 Comments
Did Sara really say that a DLL is a way to obfuscate code?
I made a discernable wtf face when hearing that
Timestamp?
Early in at 2:25
It’s compiled, not obfuscated. Same as an exe but for shared code. I don’t know why they’re making a big deal about it being “obfuscated,” that’s just nonsense.
Not quite; just that DLL files often come with some obfuscation layer applied.
I’m wondering if I’m too old school and missing some context here. Do new programmers that have been growing up with Open Source and GitHub expect to get source code and compile things themselves when reusing other libraries? Or what else could cause someone to equalize DLLs with obfuscation?
If you don’t distribute dll files, how would any Windows executable run?
Open Visual Studio, create a new console application that does something like print “Hello World,” and examine the bin folder. You’ll find one and only one file there: the executable.
Not if it’s .NET Core 🙂
Sorry, couldn’t resist.
This is the first podcast I have ever listened to and it is super disappointing. Just a bunch of general chatting, hardly anything at all specific to this hack, which is a super interesting topic and it would have been nice to hear some new, actual details from experts on SO, who have access to other experts with inside knowledge.
I stopped at 11:00 when the discussion turned to cyberbullying.
Are kids these days really more polite than previous generations? As in, Stepford polite? I find that hard to believe.
What is their behavior like when adults aren’t looking over their shoulder?
What happened to the sound? It seems much clearer now.
E.g., is it now also recorded locally and later combined (for higher sound quality)?
The bullying comment about ‘smart vs attractiveness’ (15:06-41) also gets followed up in real life. See new research on believing harassment statements https://www.apa.org/pubs/journals/releases/psp-pspi0000260.pdf