How programmers can be tricked into running bad code
Are programming language package managers vulnerable to typosquatting attacks? And can these attacks result in software developers running potentially malicious code? The answer to both questions is yes. This was demonstrated by University of Hamburg student Nikolai Philipp Tschacher who, for his bachelor thesis, performed research that involved creating packages with names very similar to those of 214 popular packages and uploading them to PyPI, npmjs.com, and rubygems.org, the package repositories of the programming languages …
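One practical check a team can run before installing dependencies is to compare every requested package name against a list of popular names and flag near-misses. The following is an added example, not code from the article or from Tschacher's research; it uses a small constructed set of well-known PyPI names and a constructed requirements snippet, and flags any dependency that is one edit (insertion, deletion, substitution, or an adjacent-letter swap) away from a popular name without being that name. Names are normalized the way PyPI does (case-insensitive, runs of `-`, `_` and `.` collapsed) so that `Django` and `django` compare equal.

```python
"""Flag dependency names that are one typo away from a popular package name."""
import re

# Constructed sample of well-known PyPI package names. Assumption: a real
# checker would load a maintained top-N list instead of this hard-coded set.
POPULAR = {"requests", "urllib3", "numpy", "setuptools", "django", "flask", "cryptography"}


def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of -_. become a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1. Transpositions are counted because
    swapped neighbouring letters are the most common typing error."""
    m, n = len(a), len(b)
    d = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m + 1):
        d[i][0] = i
    for j in range(n + 1):
        d[0][j] = j
    for i in range(1, m + 1):
        for j in range(1, n + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete from a
                          d[i][j - 1] + 1,          # insert into a
                          d[i - 1][j - 1] + cost)   # substitute / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[m][n]


def typosquat_candidates(name: str, popular=POPULAR, max_distance: int = 1):
    """Return the popular names within max_distance of `name`.
    A name that is itself popular yields an empty list."""
    norm = normalize(name)
    pop = {normalize(p) for p in popular}
    if norm in pop:
        return []
    return sorted(p for p in pop if damerau_levenshtein(norm, p) <= max_distance)


# Leading project name of a requirements.txt line (version specifiers ignored).
_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def check_requirements(text: str, popular=POPULAR):
    """Parse requirements.txt-style text and map each suspicious dependency
    to the popular names it resembles. Comments, blank lines and option
    lines such as '-r other.txt' are skipped."""
    findings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = _REQ_NAME.match(line)
        if not match:
            continue
        hits = typosquat_candidates(match.group(1), popular)
        if hits:
            findings[match.group(1)] = hits
    return findings


if __name__ == "__main__":
    # Constructed requirements snippet containing two one-letter typos.
    sample = "requests==2.31.0\nreqeusts\nnumpy>=1.26\nurlib3\n# comment\nDjango\n"
    for bad, like in check_requirements(sample).items():
        print(f"{bad!r} is not a known package but is one edit from {like}")
```

Wiring this into CI as a gate on `requirements.txt` (or the equivalent lock file for npm and RubyGems, with the same distance logic) catches the attack the research describes before any install-time code runs; the popular list should be refreshed periodically, and the distance threshold kept low, since every extra edit of slack multiplies false positives on short names.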