Infecting Systems by Typosquatting Programming Language Libraries
Typosquatting is an old trick of registering a domain name a typo away from a popular domain name and using it for various nefarious purposes. Nikolai Philipp Tschacher just published a bachelor’s thesis in which he applies the same trick to the names of popular code libraries, and tricks 17,000 computers into running arbitrary code.
Ars Technica article.
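A defensive check for the name confusion described above, as an added example that is not from the post or the thesis: it flags declared dependencies whose names are one typo away from a well-known package. The POPULAR list, the sample requirement lines and all function names are constructed for illustration.

```python
import re

# Constructed list of names to protect; in practice, your organisation's vetted dependencies.
POPULAR = {"requests", "numpy", "urllib3", "setuptools", "django"}

def normalize(name):
    """Lowercase and collapse runs of '-', '_' and '.' so equivalent spellings compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition as 1 each."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

def parse_requirement_name(line):
    """Pull the package name out of a simple 'name==version  # comment' line."""
    line = line.split("#", 1)[0].strip()
    for sep in ("==", ">=", "<=", "~=", "!=", ">", "<", "[", ";", " "):
        line = line.split(sep, 1)[0]
    return normalize(line.strip()) if line.strip() else None

def suspicious(lines, popular=POPULAR, max_distance=1):
    """Return (declared, lookalike) pairs for names close to, but not equal to, a protected name."""
    known = {normalize(p) for p in popular}
    findings = []
    for line in lines:
        name = parse_requirement_name(line)
        if name is None or name in known:
            continue  # blank line, or an exact match with a protected name
        findings.extend((name, t) for t in sorted(known) if osa_distance(name, t) <= max_distance)
    return findings

# Constructed sample input: three misspelled names among legitimate ones.
SAMPLE = ["requests==2.31.0", "reqeusts==1.0", "nunpy>=1.0  # typo", "Django", "urlib3", "flask", ""]

if __name__ == "__main__":
    for declared, lookalike in suspicious(SAMPLE):
        print(f"{declared!r} is one edit away from {lookalike!r}: verify before installing")
```

A check like this fits in a pre-install or CI step; a hit means a person should confirm the name, not that the package is malicious.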
Mike Gerwitz • June 15, 2016 7:37 AM
There is a long-standing, disturbing trend for software authors/packagers/distributors to neglect signing packages or distributions, and for package managers to not provide support for a keyring.