aboutsummaryrefslogtreecommitdiff
path: root/slides
diff options
context:
space:
mode:
authorElena ``of Valhalla'' Grandi <valhalla@trueelena.org>2016-06-15 21:19:38 +0200
committerElena ``of Valhalla'' Grandi <valhalla@trueelena.org>2016-06-15 21:19:38 +0200
commitadd51a307878fd7fe6dc13062faf07ea32e884f8 (patch)
tree0008acde32efee6de19fc006b48633bd9af5cfed /slides
parentc9057369e8966d8e673e085ccc0bc96c4880e39f (diff)
Some ideas
Diffstat (limited to 'slides')
-rw-r--r--slides/caramelle_dagli_sconosciuti.rst42
1 files changed, 42 insertions, 0 deletions
diff --git a/slides/caramelle_dagli_sconosciuti.rst b/slides/caramelle_dagli_sconosciuti.rst
index c54c97d..66187fe 100644
--- a/slides/caramelle_dagli_sconosciuti.rst
+++ b/slides/caramelle_dagli_sconosciuti.rst
@@ -6,3 +6,45 @@
Ed altri buoni motivi per usare apt
-------------------------------------
+Sconosciuti che offrono caramelle
+---------------------------------
+
+
+
+La saga di npm
+--------------
+
+::
+
+ leftPad = require('left-pad')
+ leftPad('foo', 5)
+
+Okkupazione degli errori di battitura
+-------------------------------------
+
+``http://incolumitas.com/2016/06/08/typosquatting-package-managers/``
+
+ In this blog post I will show how:
+
+ * **17000 computers** were forced to execute arbitrary code by typosquatting
+ programming language packages/libraries
+ * **50%** of these installations were conducted with administrative rights
+ * Even highly security aware institutions (**.gov and .mil hosts**) fell
+ victim to this attack
+ * a typosquatting attack becomes **wormable** by mining the **command history
+ data** of hosts
+ * some good *defenses* against typosquatting package managers might look
+ like
+
+Parentesi: rpm, yum ed altre varianti
+-------------------------------------
+
+Apt
+---
+
+ Those who don't know apt are forced to reimplement it. badly.
+
+Questions?
+----------
+
+[insert obligatory cat]