
Cybersecurity and Repositories

Not too long ago, package repositories were not a target. If you pulled a library from a repository, it was reasonable to assume it could be trusted and used without issue. Around 2017, a trend began of malicious packages being placed in the Python Package Index (PyPI).


There was also the case of the University of Minnesota sending buggy packages to Linux as a research experiment, something its research ethics board somehow approved. The University was banned from the repository for that behavior.


In January 2024, more malicious packages were detected in PyPI. One piece of malware noted this time around was the White Snake Stealer, uploaded by a bad actor named “WS”. The malware is designed to harvest data from web browsers, cryptocurrency wallets, and apps. This is one reason not to blindly trust repositories: you never know. Generally you will be fine, but as President Reagan is often quoted, “Trust, but verify.” There are several openly available tools that scan these packages for vulnerabilities. The last thing you want is to poison your elegant code with malicious code from a “trusted” repository.
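The "verify" half of that advice has a concrete, everyday form for Python projects: pin each dependency to an exact version and a SHA-256 digest, and refuse to install anything whose downloaded bytes do not match. The script below is an added example, not code from the original post or from any of the tools it alludes to; it reproduces the check pip performs when a requirements file carries `--hash=sha256:...` pins and you install with `--require-hashes`. The package names, requirements text and artifact bytes are all constructed for the demonstration.

```python
"""Verify downloaded package artifacts against pinned SHA-256 digests.

Added example, not code from the original post. It reproduces the check pip
performs when a requirements file carries ``--hash=sha256:...`` pins and you
install with ``pip install --require-hashes``: an artifact whose digest does
not match a pinned value is refused rather than installed.
"""
import hashlib
import re

# Constructed requirements text in pip's hash-pinning format. The digests are
# filled in below from constructed artifact bytes, not from real packages.
SAMPLE_REQUIREMENTS = """\
examplepkg==1.0.0 \\
    --hash=sha256:{good}
otherpkg==2.3.1 \\
    --hash=sha256:{other}
"""

# Constructed stand-ins for downloaded wheel/sdist contents.
GOOD_ARTIFACT = b"constructed wheel bytes for examplepkg 1.0.0"
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b"\n# bytes appended after the pin was taken"
OTHER_ARTIFACT = b"constructed wheel bytes for otherpkg 2.3.1"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_pinned_hashes(text: str) -> dict:
    """Return {package_name: {sha256 hex digests}} from requirements text.

    Handles pip's trailing-backslash line continuation and several --hash
    options per requirement. A requirement without an exact version or
    without a sha256 pin is rejected outright, because the whole point of
    the file is that nothing unpinned gets installed.
    """
    pins = {}
    logical = text.replace("\\\n", " ")  # join continued lines
    for raw in logical.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z0-9_.-]+)==(\S+)", line)
        if not m:
            raise ValueError(f"not an exact pin: {line!r}")
        name = m.group(1).lower()
        digests = set(re.findall(r"--hash=sha256:([0-9a-f]{64})", line))
        if not digests:
            raise ValueError(f"{name}: no sha256 pin present")
        pins[name] = digests
    return pins


def check_downloads(downloads: dict, pins: dict) -> dict:
    """Classify each downloaded artifact as 'ok', 'mismatch', or 'unpinned'.

    Only 'ok' artifacts should ever be handed to the installer.
    """
    verdicts = {}
    for name, data in downloads.items():
        expected = pins.get(name.lower())
        if expected is None:
            verdicts[name] = "unpinned"
        elif sha256_hex(data) in expected:
            verdicts[name] = "ok"
        else:
            verdicts[name] = "mismatch"
    return verdicts


# Pins computed from the constructed artifacts so the demo is self-contained.
PINNED = parse_pinned_hashes(SAMPLE_REQUIREMENTS.format(
    good=sha256_hex(GOOD_ARTIFACT), other=sha256_hex(OTHER_ARTIFACT)))


if __name__ == "__main__":
    downloads = {
        "examplepkg": TAMPERED_ARTIFACT,   # contents changed since pinning
        "otherpkg": OTHER_ARTIFACT,        # untouched
        "surprisepkg": b"never pinned",    # not in anyone's lockfile
    }
    for name, verdict in check_downloads(downloads, PINNED).items():
        print(f"{name:12s} {verdict}")
```

The digests in a real lockfile come from the artifact you reviewed and tested, so a later re-download that differs, whether because the index was compromised or because a maintainer re-uploaded a version, fails closed instead of silently installing. Pins do not tell you the reviewed artifact was clean in the first place; that is what the scanning tools mentioned above are for, and the two checks complement each other.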


About the Author

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
