Package Mis-Management

An increase in demand for quick and easy distribution of software is pushing risky practices.

Package management systems claim to manage packages, but they leave a lot to be desired. The perception that users are stupid and can't understand the command line has turned many unsafe practices, originally meant for quickly installing a pre-released package, into the primary means of distribution.

We look at some of the most popular open source distribution mechanisms and share our view through recent incidents, a little bit of research and some suggestions for attack vectors.


URLs for Package Mis-Management

Slides: https://github.com/benjaoming/pytosquatting/raw/5b040581a0a129494b1b4ee3768e09d53b77438e/misc/bornhack-talk/slides.pdf


Instances

  • Tuesday Aug. 21 11:00 - 12:00 at Speakers Tent

Speaker(s):