PyPI Found Stuffed With AWS Keys and Malware
Podcast | The Hacks
Publisher | The Hacks
Media Type | audio
Podknife tags | Cybersecurity, Technology
Categories Via RSS | News, Tech News, Technology
Publication Date | Mar 07, 2023
Episode Duration | 00:52:22

Chunga wants to give a quick shout-out to programmers in the U.K.! Once again, a guy in England developed a scanning tool and found 57 API access keys for AWS and a bunch of malware in PyPI.

Tom Forbes built this tool in Rust to automatically scan new packages released on PyPI, and many of the AWS keys he found grant full admin access to the key holder.

Tom Hatch says there are a lot of similarities between the open source pipeline attacks back in the 1990s and what's happening with PyPI today. So, who's responsible for issues like this? Is it the programmer? Is it PyPI? Or is it the responsibility of the software user?

Tom Hatch and Tom Forbes disagree on where the responsibility lies. Listen now to find out what each one of them says!

Check out the powerful new Idem Project!

Join the Salt Project Community!
