January 25, 2021
German University Student Tricks Government Devs into Running Bad Code

  • By Developer.com Staff

As part of his thesis project, University of Hamburg student Nikolai Philipp Tschacher carried out a typosquatting attack that showed how easy it is to get developers, including some working for the U.S. government and military, to run untrusted code. Tschacher researched the most popular packages on the PyPI, RubyGems, and npm package registries, then uploaded packages of his own under names that were near-misspellings of those popular packages. Anyone who mistyped a package name on the command line could receive his package instead of the one they intended, and his code recorded where it had been run.

Over several months, 17,000 different Web domains ran his fake code more than 45,000 times. Two of those domains belonged to the U.S. military. "There were also 23 .gov domains from governmental institutions of the United States," Tschacher wrote in his thesis. "This number is highly alarming, because taking over hosts in US research laboratories and governmental institutions may have potentially disastrous consequences for them."
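The cheapest defence against this class of attack is to catch the mistyped name before the installer ever contacts the registry. The script below is an added example, not code from the article or from Tschacher's thesis: it parses a requirements-style list, normalizes the names the way PyPI does (case-insensitive, with runs of `-`, `_` and `.` treated as equal), and flags any name that is within one edit (including a transposition of adjacent characters) of a "popular" package without being that package. The `POPULAR` list and the sample requirements are constructed for illustration; a real check would load the top few thousand names from the registry you depend on.

```python
"""Flag package names that are typo-variants of popular packages.

Added example, not from the article or from Tschacher's thesis. The
POPULAR list and SAMPLE_REQUIREMENTS below are constructed for
illustration only.
"""
import re

# Constructed stand-in for "the most popular packages on PyPI".
POPULAR = ["requests", "urllib3", "setuptools", "six", "numpy",
           "boto3", "pyyaml", "cryptography"]


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and transposition of two adjacent characters each cost 1."""
    n, m = len(a), len(b)
    d = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        d[i][0] = i
    for j in range(m + 1):
        d[0][j] = j
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if (i > 1 and j > 1
                    and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[n][m]


def normalize(name: str) -> str:
    """PEP 503 name normalization: lower-case, and any run of '-', '_' or '.'
    collapses to a single '-'. 'PyYAML' and 'pyyaml' are the same package."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list:
    """Extract bare package names from requirements.txt-style lines,
    dropping comments, option lines and version specifiers/extras."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        names.append(re.split(r"[\[<>=!~; ]", line, 1)[0])
    return names


def find_typosquats(requested, popular=POPULAR, max_distance=1):
    """Return (requested_name, popular_name, distance) for every requested
    name that is close to a popular package but is not that package."""
    pop = {normalize(p): p for p in popular}
    hits = []
    for name in requested:
        norm = normalize(name)
        if norm in pop:
            continue  # exact (normalized) match: this is the real package
        for pop_norm, pop_orig in pop.items():
            dist = damerau_levenshtein(norm, pop_norm)
            if dist <= max_distance:
                hits.append((name, pop_orig, dist))
    return hits


# Constructed sample input: three typos mixed in with legitimate names.
SAMPLE_REQUIREMENTS = """\
requests==2.25.1
reqeusts          # transposed characters
urlib3>=1.26      # dropped character
setuptools
crytpography      # transposed characters
numpy
"""

if __name__ == "__main__":
    for req, pop, dist in find_typosquats(parse_requirements(SAMPLE_REQUIREMENTS)):
        print(f"{req!r} is {dist} edit(s) away from popular package {pop!r}")
```

Run it as a pre-install step in CI and fail the build on any hit; a legitimate package that happens to sit one edit from a popular one can be added to an allow-list. The reason the check has to run before installation is that all three registries let a package run code at install time (PyPI via `setup.py` in a source distribution, npm via lifecycle scripts, RubyGems via native extensions), so by the time anyone imports the wrong module the attacker's code has already executed.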


This article was originally published on June 15, 2016
