diff options
-rw-r--r-- | references.txt | 4 | ||||
-rw-r--r-- | slides/caramelle_dagli_sconosciuti.rst | 42 |
2 files changed, 46 insertions, 0 deletions
diff --git a/references.txt b/references.txt new file mode 100644 index 0000000..d7bc37b --- /dev/null +++ b/references.txt @@ -0,0 +1,4 @@ + + +http://incolumitas.com/2016/06/08/typosquatting-package-managers/ +https://lwn.net/Articles/681410/ diff --git a/slides/caramelle_dagli_sconosciuti.rst b/slides/caramelle_dagli_sconosciuti.rst index c54c97d..66187fe 100644 --- a/slides/caramelle_dagli_sconosciuti.rst +++ b/slides/caramelle_dagli_sconosciuti.rst @@ -6,3 +6,45 @@ Ed altri buoni motivi per usare apt ------------------------------------- +Sconosciuti che offrono caramelle +--------------------------------- + + + +La saga di npm +-------------- + +:: + + leftPad = require('left-pad') + leftPad('foo', 5) + +Okkupazione degli errori di battitura +------------------------------------- + +``http://incolumitas.com/2016/06/08/typosquatting-package-managers/`` + + In this blog post I will show how: + + * **17000 computers** were forced to execute arbitrary code by typosquatting + programming language packages/libraries + * **50%** of these installations were conducted with administrative rights + * Even highly security aware institutions (**.gov and .mil hosts**) fell + victim to this attack + * a typosquatting attack becomes **wormable** by mining the **command history + data** of hosts + * some good *defenses* against typosquatting package managers might look + like + +Parentesi: rpm, yum ed altre varianti +------------------------------------- + +Apt +--- + + Those who don't know apt are forced to reimplement it. badly. + +Questions? +---------- + +[insert obligatory cat] |