Stories
Slash Boxes
Comments

SoylentNews is people

Backdoored Python Library Caught Stealing SSH Credentials

posted by Fnord666 on Friday May 11 2018, @09:39PM   Printer-friendly
from the another-day-another-hack dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package.

The module's name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a library for handling SSH connections from Python code.

Source: https://www.bleepingcomputer.com/news/security/backdoored-python-library-caught-stealing-ssh-credentials/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Backdoored Python Library Caught Stealing SSH Credentials | Log In/Create an Account | Top | 11 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Insightful) by coolgopher on Saturday May 12 2018, @02:21AM

    by coolgopher (1157) on Saturday May 12 2018, @02:21AM (#678666)

    I disagree. There is still the advantage that the open-source code *can* be reviewed. Without going through six months of setting up agreements, NDAs, and other lawyering.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5