British developer uses homegrown scanning tool to check for risks
Apart from the subverted libraries and the half-decent code, what has PyPI ever given us? Lately, it's been offering keys that provide access to the AWS computing resources and data used by Amazon, Intel, various US universities, the Australian government, US energy firm Fusion Atomics, and Malaysia-based Top Glove, the world's largest glove maker, among others. outlining how he found 57 active API access keys for AWS services from the above-mentioned companies.
The problem, of course, is that a less scrupulous person could create a similar scanning script for the purpose of exploitation and abuse. And it would be surprising if that isn't happening already.
"It depends on the exact permissions given to the key itself," Forbes explained.
"The key I found leaked by InfoSys had 'full admin access' which means it can do anything, and other keys I found in PyPI were 'root keys' which are also allowed to do anything.
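A pre-upload check a maintainer could run on their own source distribution, as an added example that is not from the article or from Forbes's tool: it looks for AWS access key IDs inside a `.tar.gz` and records whether a 40-character secret sits beside each one. The function names, the size limit and the sample archive are assumptions; the credentials are the example values from AWS documentation.

```python
import io
import re
import tarfile

# Access key IDs: 4-character prefix (AKIA long-term, ASIA temporary) + 16 more.
KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 characters of base64-style text.
SECRET = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")
MAX_BYTES = 1_000_000  # skip very large members (limit assumed for this example)

def redact(key_id):
    """Keep enough of the key ID to locate it, never the whole value."""
    return key_id[:4] + "*" * 12 + key_id[-4:]

def scan_sdist(data):
    """Return (path, line, redacted key ID, secret_nearby) per key ID found."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile() or member.size > MAX_BYTES:
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            lines = text.splitlines()
            for number, line in enumerate(lines, start=1):
                for match in KEY_ID.finditer(line):
                    # A secret on the same or an adjacent line is a usable pair.
                    window = "\n".join(lines[max(0, number - 2):number + 1])
                    findings.append((member.name, number, redact(match.group(0)),
                                     bool(SECRET.search(window))))
    return findings

def build_sample_sdist():
    """Constructed sdist; the credentials are AWS's documentation examples."""
    files = {
        "demo-0.1/demo/upload.py": "AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n"
        "AWS_SECRET = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'\n",
        "demo-0.1/README.md": "Set AKIAIOSFODNN7EXAMPLE via the environment.\n",
    }
    buffer = io.BytesIO()
    with tarfile.open(fileobj=buffer, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body.encode())
            tar.addfile(info, io.BytesIO(body.encode()))
    return buffer.getvalue()

if __name__ == "__main__":
    for finding in scan_sdist(build_sample_sdist()):
        print(finding)
```

A finding with `secret_nearby` set means the archive carries a usable key pair; any key ID that reached a published release should be treated as exposed and rotated.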
"GitHub also cares a lot about supply chain security but they have dug themselves a hole: The way they scan for secrets involves a lot of collaboration with vendors who may disclose internal information about how keys are constructed to GitHub," he explained.