[rwth-security] Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies

17 Feb 2021


      Hallo zusammen,

sofern nicht selber schon gesehen/-lesen hier [0] FYI

     "Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies"

	--> das Tool confused ("... checking for lingering free namespaces for private
	    package names referenced in dependency configuration ...) ist auf [1] zu finden

		- Python (pypi)
		- JavaScript (npm)
		- PHP (composer)

VG

Bernd


[0]
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

[1]
https://github.com/visma-prodsec/confused

-- 

Bernd Kohler
  
IT Center
Abteilung: Netze
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
www.itc.rwth-aachen.de

Social Media Kanäle des IT Centers:
https://blog.rwth-aachen.de/itc/
https://www.facebook.com/itcenterrwth
https://www.linkedin.com/company/itcenterrwth
https://twitter.com/ITCenterRWTH
https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ