SoylentNews is people
SoylentNews is powered by your submissions, so send in your scoop. Only 14 submissions in the queue.
SoylentNews
Submitted via IRC for TheMightyBuzzard
Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package.
The module's name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a library for handling SSH connections from Python code.
This discussion has been archived.
No new comments can be posted.
Backdoored Python Library Caught Stealing SSH Credentials
|
Log In/Create an Account
| Top
| 11 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Everybody is going somewhere!! It's probably a garage sale or a
disaster Movie!!
(Score: 2) by pkrasimirov on Saturday May 12 2018, @04:52PM
Ah wait, me stupid. It was never commited in git lol, only in binary (pypi.org).
https://webcache.googleusercontent.com/search?q=cache:vjUIkPX1-0EJ:https://github.com/urigoren/ssh_decorator/issues/11+ [googleusercontent.com]