Popular Python Package 'ctx' Hijacked to Steal AWS Keys

Turritopsis Dohrnii Teo En Ming

May 25, 2022, 9:48:19 AM
Subject: Popular Python Package 'ctx' Hijacked to Steal AWS Keys

Good day from Singapore,

Sharing this article for more awareness.

Article: Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked
to Steal AWS Keys
Link: https://thehackernews.com/2022/05/pypi-package-ctx-and-php-library-phpass.html

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
25 May 2022 Wed

George Fischhof

May 25, 2022, 11:04:42 AM
Turritopsis Dohrnii Teo En Ming <tdte...@gmail.com> wrote (on Wed, May 25, 2022, 15:49):
> --
> https://mail.python.org/mailman/listinfo/python-list


Hi All,

It came to my mind that PyPA, the community, and developers should develop
some mechanism to protect against similar threats.

For example, security checkers could be added to the upload flow, before a
package appears and becomes downloadable.
Compiled parts should be allowed only in source, and security checkers
would check those too, and compile from source and publish the package only
after these checks executed and did not find any harmful thing.


BR,
George