Python has gained a lot of fans since it’s free. Commercial packages like SAS are losing market share.
With many firms and startups trying to build the next ChatGPT, and programmers liking freeware, I expect this kind of attack to become way more common.
1 posted on 01/13/2024 9:53:25 AM PST by DoodleBob
To: ShadowAce; AnotherUnixGeek
Possible ping of interest.
2 posted on 01/13/2024 9:54:20 AM PST by DoodleBob
(Gravity's waiting period is about 9.8 m/s²)
To: DoodleBob; rdb3; JosephW; martin_fierro; Still Thinking; zeugma; Vinnie; ironman; Egon; raybbr; ...
3 posted on 01/13/2024 10:03:28 AM PST by ShadowAce
(Linux - The Ultimate Windows Service Pack )
To: DoodleBob
>>“PyPI continues to be abused by cyber attackers to compromise Python programmers’ devices.”
People are why we can’t have nice things.
5 posted on 01/13/2024 10:56:16 AM PST by vikingd00d
(chown -R us ~you/base)
To: DoodleBob
Python is favored for data science and machine learning in my environment. PyPI has been a reliable source of standard libraries. Too bad that is getting abused. Perhaps it is time for digital signatures on library code.
6 posted on 01/13/2024 12:03:27 PM PST by Myrddin
To: DoodleBob
I predicted this was going to be an Achilles’ Heel of AI programming: the package won’t know enough either to avoid new backdoors in the wild, or to recognize when an unscrupulous developer is verbally telling the AI program to put in a malicious module.
7 posted on 01/13/2024 12:13:01 PM PST by grey_whiskers
( The opinions are solely those of the author and are subject to change without notice.)