Collaborate Disseminate
macports
binaries are useable from /opt/local/bin/, i.e. for tesseract
bin$ which tesseract
/opt/local/bin/tesseract
bin$ ls /opt/local/bin/tesseract
-rwxr-xr-x 1 root admin 28120 15 Sep 2016 /opt/local/bin/tesseract
bin$ ls /op… Continue reading What are the security implications of homebrew and macports?
My understanding is dm-verity target is read-only so there is no way Yum or any other RPM front end can install a new package on dm-verity enabled block device?
Even if some mechanism is used to update a single package’s fil… Continue reading Can Yum or any other RPM front end work with dm-verity? [migrated]
Recently, eslint-scope and eslint-config-eslint packages were hacked in an interesting way – one of the maintainer’s account was compromised by an attacker and a new “patch” version with the malicious code was published to th… Continue reading Recent ESLint hack or how can we protect ourselves from installing malicious npm packages?
Debian has a JSON file containing all CVE<->Fixed package versions map.
Link: https://security-tracker.debian.org/tracker/data/json
Does Ubuntu have something similar?
Continue reading Is there a security tracker aggregated file for Ubuntu server like Debian has?
This question is an exact duplicate of:
CVE vs KB Table [closed]
Redhat has a very nice xml containing all known CVEs and the package version they are fixed in (https://www.re… Continue reading looking for computer readable lists of CVE to package name sources [duplicate]
I know it is unsafe to install software (including Python packages) from not trusted or compromised sources.
However I wonder how safe I am when I am installing a trusted package from Python Package Index or from Anaconda re… Continue reading Is it safe to use Python package managers like pip, easy_install or conda?
I know it is unsafe to install software (including Python packages) from not trusted or compromised sources.
However I wonder how safe I am when I am installing a trusted package from Python Package Index or from Anaconda re… Continue reading Is it safe to use Python package managers like pip, easy_install or conda?
Lot of software use lot of dependencies. Some of these dependencies have been developed by single developers. There were cases of buyout popular npm and php libraries and browser extensions with the sole purpose to put a back… Continue reading Why too little attention is paid to protection from buying widespread dependencies
Is the action of adding non-official (third party) repositories to Linux dangerous by itself?
For example, in Debian environments one could do:
add-apt-repository ppa:some_non_official_repository/nor_name
I don’t mean t… Continue reading Is the action of adding non-official repositories to Linux dangerous by itself?
On various security forums I have seen links to a post about a fictive malicious NPM package harvesting information. The posts title:
I’m harvesting credit card numbers and passwords from your site.
Here’s how.
The be… Continue reading Malicious NPM Package – Does it fit into OWASP Top Ten 2017?