From add51a307878fd7fe6dc13062faf07ea32e884f8 Mon Sep 17 00:00:00 2001 From: Elena ``of Valhalla'' Grandi Date: Wed, 15 Jun 2016 21:19:38 +0200 Subject: Some ideas --- references.txt | 4 ++++ slides/caramelle_dagli_sconosciuti.rst | 42 ++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 references.txt diff --git a/references.txt b/references.txt new file mode 100644 index 0000000..d7bc37b --- /dev/null +++ b/references.txt @@ -0,0 +1,4 @@ + + +http://incolumitas.com/2016/06/08/typosquatting-package-managers/ +https://lwn.net/Articles/681410/ diff --git a/slides/caramelle_dagli_sconosciuti.rst b/slides/caramelle_dagli_sconosciuti.rst index c54c97d..66187fe 100644 --- a/slides/caramelle_dagli_sconosciuti.rst +++ b/slides/caramelle_dagli_sconosciuti.rst @@ -6,3 +6,45 @@ Ed altri buoni motivi per usare apt ------------------------------------- +Sconosciuti che offrono caramelle +--------------------------------- + + + +La saga di npm +-------------- + +:: + + leftPad = require('left-pad') + leftPad('foo', 5) + +Okkupazione degli errori di battitura +------------------------------------- + +``http://incolumitas.com/2016/06/08/typosquatting-package-managers/`` + + In this blog post I will show how: + + * **17000 computers** were forced to execute arbitrary code by typosquatting + programming language packages/libraries + * **50%** of these installations were conducted with administrative rights + * Even highly security aware institutions (**.gov and .mil hosts**) fell + victim to this attack + * a typosquatting attack becomes **wormable** by mining the **command history + data** of hosts + * some good *defenses* against typosquatting package managers might look + like + +Parentesi: rpm, yum ed altre varianti +------------------------------------- + +Apt +--- + + Those who don't know apt are forced to reimplement it. badly. + +Questions? +---------- + +[insert obligatory cat] -- cgit v1.2.3
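Review bot: in the references.txt hunk the new file opens with two empty lines before the first URL; drop them so the file starts at `http://incolumitas.com/2016/06/08/typosquatting-package-managers/`, and consider giving each link a short label (the first is the typosquatting write-up quoted on the slide, the second the LWN article the "La saga di npm" slide relies on), since a bare list of URLs becomes hard to map back to slides once the talk grows.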
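Review bot: in the slides hunk the "La saga di npm" section shows only `leftPad = require('left-pad')` / `leftPad('foo', 5)` and never says what the saga was, so the audience is left to guess why an eleven-line padding helper matters; add at least one line (or the `https://lwn.net/Articles/681410/` link that this same commit puts in references.txt) naming the incident the code is illustrating. Two smaller points in the same hunk: "Parentesi: rpm, yum ed altre varianti" is a heading with an empty body, which is fine for a work-in-progress deck but worth a `.. TODO` so it is not forgotten, and the "Apt" quote ("Those who don't know apt are forced to reimplement it. badly.") carries no attribution and has a lowercase sentence start after the period; either cite its source or mark it as the speaker's own line.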