The Core

Why We Are Here => Hardware & Technology => Topic started by: littleman on December 05, 2019, 07:01:17 PM

Title: Python libraries caught stealing SSH and GPG keys
Post by: littleman on December 05, 2019, 07:01:17 PM
Any Python people here?

https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

python3-dateutil

jeIlyfish

Quote
The two malicious clones were discovered on Sunday, December 1, by German software developer Lukas Martini. Both libraries were removed on the same day after Martini notified dateutil developers and the PyPI security team.

While the python3-dateutil was created and uploaded on PyPI two days before, on November 29, the jeIlyfish library had been available for nearly a year, since December 11, 2018.
Title: Re: Python libraries caught stealing SSH and GPG keys
Post by: rcjordan on December 05, 2019, 11:48:07 PM
Machine-raiding Python libraries squashed by community – Naked Security
https://nakedsecurity.sophos.com/2019/12/05/machine-raiding-python-libraries-squashed-by-community/