Python Security alert for python libraries

AI Thread Summary
The security alert from the Slovak National Security Authority warns about fake Python libraries that contain malicious code, albeit relatively benign. This highlights the importance of using trusted sources for Python packages. Installing Python modules from a Linux distribution's repository is recommended, as it provides an additional layer of security through vetting and testing by repository maintainers. The alert has prompted organizations to review their installations for potentially infected packages, with some using provided scripts for verification.
Stephen Tashi
This seems like a good argument for using Linux. I install all the python modules I need from my Linux distro's repository. So fake packages would have had to get by the vetting and testing of the repository's maintainer. That's an added level of security.
 
Stephen Tashi said:
This security alert
http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
warns against fake python libraries: containing "malicious (but relatively benign) code".
I just saw this today. A corporate email went out in my office a couple of weeks ago about this and we've been checking all of our installations for the infected packages using the scripts in your link.
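
A check of the kind described in this thread, as an added example: it is not part of any post here and is not the script from the linked advisory. It compares every installed distribution against a list of known-bad package names; the names in `BLOCKLIST` are constructed placeholders, to be replaced with the names the advisory lists.

```python
"""Audit installed Python distributions against a list of known-bad names."""
import re
from importlib import metadata

# Constructed placeholder names (assumption); replace with the advisory's list.
BLOCKLIST = {"example-fake-pkg", "example_fake.lib"}


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_distributions():
    """Return (name, version, location) for each distribution on sys.path."""
    found = []
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if not name:  # skip broken installs that carry no Name field
            continue
        version = dist.metadata.get("Version", "unknown")
        found.append((name, version, str(dist.locate_file(""))))
    return found


def audit(installed, blocklist):
    """Return the installed entries whose normalized name is on the blocklist."""
    bad = {normalize(n) for n in blocklist}
    return sorted(entry for entry in installed if normalize(entry[0]) in bad)


if __name__ == "__main__":
    hits = audit(installed_distributions(), BLOCKLIST)
    for name, version, location in hits:
        print(f"FOUND {name} {version} in {location}")
    # A non-zero exit status lets a fleet-wide job flag affected hosts.
    raise SystemExit(1 if hits else 0)
```

Run it once with each interpreter and virtual environment on a host, since each has its own set of installed packages.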
 