Noticias sobre Linux
1 meneos
3 clics

Hijacking of popular ctx and phpass packages reveals open source security gaps - Help Net Security (ENG)

The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send them to a Heroku app. But what at first seemed like the work of a malicious actor turned out to be an exploit by a security researcher, who wanted to demonstrate how easy it is to take control of popular packages and the repositories hosting them.

| etiquetas: hijacking , ctx , phpass , open source , security , gaps

menéame