5th September 2022
Administrator
Warning: PyPI Feature Executes Code Automatically After Python Package Download
From https://thehackernews.com/2022/09/wa...utes-code.html
Quote:
In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them.
"A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb said in a technical report published this week.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump