Popular Python Package 'ctx' Hijacked to Steal AWS Keys
George Fischhof
george at fischhof.hu
Wed May 25 11:04:07 EDT 2022
Turritopsis Dohrnii Teo En Ming <tdtemccna at gmail.com> ezt írta (időpont:
2022. máj. 25., Sze, 15:49):
> Subject: Popular Python Package 'ctx' Hijacked to Steal AWS Keys
>
> Good day from Singapore,
>
> Sharing this article for more awareness.
>
> Article: Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked
> to Steal AWS Keys
> Link:
> https://thehackernews.com/2022/05/pypi-package-ctx-and-php-library-phpass.html
>
> Thank you.
>
> Regards,
>
> Mr. Turritopsis Dohrnii Teo En Ming
> Targeted Individual in Singapore
> 25 May 2022 Wed
> --
> https://mail.python.org/mailman/listinfo/python-list
Hi All,
it's got to my mind that PYPA, community, and developers should develop
some mechanism to protect against similar threats.
For example security checkers could be added to the upload flow, before a
package appears, and becomes downloadable.
Compiled parts should be allowed only in source, and security checkers
would check those too, and compile from source and publish package only
after these checks executed and did not found any harmful thing.
BR,
George
More information about the Python-list
mailing list