Security alert for python libraries

Stephen Tashi
Science Advisor
Homework Helper
Education Advisor
Messages
7,864
Reaction score
1,605
  • Like
Likes   Reactions: Borg and FactChecker
Technology news on Phys.org
This seems like a good argument for using Linux. I install all the python modules I need from my Linux distro's repository. So fake packages would have had to get by the vetting and testing of the repository's maintainer. That's an added level of security.
 
Stephen Tashi said:
This security alert
http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/
warns against fake python libraries: containing "malicious (but relatively benign) code".
I just saw this today. A corporate email went out in my office a couple of weeks ago about this and we've been checking all of our installations for the infected packages using the scripts in your link.
 

Similar threads

  • · Replies 2 ·
Replies
2
Views
2K
  • · Replies 8 ·
Replies
8
Views
3K
  • · Replies 3 ·
Replies
3
Views
2K
  • · Replies 7 ·
Replies
7
Views
3K
  • · Replies 2 ·
Replies
2
Views
4K
  • · Replies 6 ·
Replies
6
Views
5K
  • · Replies 15 ·
Replies
15
Views
3K
  • · Replies 13 ·
Replies
13
Views
2K
Replies
5
Views
17K