aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--references.txt4
-rw-r--r--slides/caramelle_dagli_sconosciuti.rst42
2 files changed, 46 insertions, 0 deletions
diff --git a/references.txt b/references.txt
new file mode 100644
index 0000000..d7bc37b
--- /dev/null
+++ b/references.txt
@@ -0,0 +1,4 @@
+
+
+http://incolumitas.com/2016/06/08/typosquatting-package-managers/
+https://lwn.net/Articles/681410/
diff --git a/slides/caramelle_dagli_sconosciuti.rst b/slides/caramelle_dagli_sconosciuti.rst
index c54c97d..66187fe 100644
--- a/slides/caramelle_dagli_sconosciuti.rst
+++ b/slides/caramelle_dagli_sconosciuti.rst
@@ -6,3 +6,45 @@
Ed altri buoni motivi per usare apt
-------------------------------------
+Sconosciuti che offrono caramelle
+---------------------------------
+
+
+
+La saga di npm
+--------------
+
+::
+
+ leftPad = require('left-pad')
+ leftPad('foo', 5)
+
+Okkupazione degli errori di battitura
+-------------------------------------
+
+``http://incolumitas.com/2016/06/08/typosquatting-package-managers/``
+
+ In this blog post I will show how:
+
+ * **17000 computers** were forced to execute arbitrary code by typosquatting
+ programming language packages/libraries
+ * **50%** of these installations were conducted with administrative rights
+ * Even highly security aware institutions (**.gov and .mil hosts**) fell
+ victim to this attack
+ * a typosquatting attack becomes **wormable** by mining the **command history
+ data** of hosts
+ * some good *defenses* against typosquatting package managers might look
+ like
+
+Parentesi: rpm, yum ed altre varianti
+-------------------------------------
+
+Apt
+---
+
+ Those who don't know apt are forced to reimplement it. badly.
+
+Questions?
+----------
+
+[insert obligatory cat]