
How programmers can be tricked into running bad code

Discussion in 'Help Net Security' started by RSS, Jun 15, 2016.

  1. RSS


    Are programming language package managers vulnerable to typosquatting attacks? And can these attacks result in software developers running potentially malicious code? The answer to both these questions is yes. This was demonstrated by University of Hamburg student Nikolai Philipp Tschacher who, for his bachelor thesis, performed research that involved creating packages with names very similar to those of 214 popular packages, and uploading them to PyPI, npmjs.com, and rubygems.org, package repositories of the programming languages …
