blob: 656634648569a5c4a92b2d01fc2042e24198dc22 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
=============================
Caramelle dagli sconosciuti
=============================
-------------------------------------
Ed altri buoni motivi per usare apt
-------------------------------------
Subtitles-ish
-------------
English transcript available at:
``https://www.trueelena.org/computers/articles/candy_from_strangers.html``
``https://eoval.org/ujhYnHeE``
Sconosciuti che offrono caramelle
---------------------------------
.. image:: img/1408390295.pdf
:align: center
``https://openclipart.org/detail/196328/poison-label-gift``
Okkupazione degli errori di battitura
-------------------------------------
``http://incolumitas.com/2016/06/08/typosquatting-package-managers/``
In this blog post I will show how:
* **17000 computers** were forced to execute arbitrary code by typosquatting
programming language packages/libraries
* **50%** of these installations were conducted with administrative rights
* Even highly security aware institutions (**.gov and .mil hosts**) fell
victim to this attack
* a typosquatting attack becomes **wormable** by mining the **command history
data** of hosts
* some good *defenses* against typosquatting package managers might look
like
``http://ur1.ca/poaqc`` ``http://ur1.ca/poaqj`` (archive.org)
Apt
---
*Those who don't know apt are forced to reimplement it. badly.*
La saga di npm
--------------
``https://lwn.net/Articles/681410/``
::
leftPad = require('left-pad')
leftPad('foo', 5)
Debian
------
* ``https://www.debian.org/social_contract``
* ``https://www.debian.org/devel/constitution``
Contribute!
-----------
* ``https://www.debian.org/intro/help``
* ``https://fedoraproject.org/wiki/Join``
* ...
Questions?
----------
.. image:: img/20060616_IMG_0081.jpg
:align: center
``https://commons.wikimedia.org/wiki/File:20060616_IMG_0081.jpg``
|
