[GTALUG] security threats of Open Source
o1bigtenor
o1bigtenor at gmail.com
Thu Jan 23 15:27:25 EST 2020
On Thu, Jan 23, 2020 at 1:08 PM D. Hugh Redelmeier via talk
<talk at gtalug.org> wrote:
>
> <https://www.zdnet.com/article/microsoft-spots-malicious-npm-package-stealing-data-from-unix-systems/>
>
> This article lists six cases of malware contributed to npm (the repo for
> sharing node.js and JavaScript source).
>
> How many undetected cases exist?
>
> I've always pretended that Linux distros vet their code. I'm not sure how
> true that is. Probably the greatest protection is the time delay between
> contribution and distribution.
>
> I wonder what can be done about this problem. I've said so at our
> meetings a few times too.
>
> Of course the problem is worse with closed source: it is impossible to
> audit the source. But closed source might have fewer contributors and
> more supervision. Of course much closed source is built on top of open
> source and thus all its weakness

In this vein - - - - a contact who in computer terms calls himself a dinosaur
refuses to allow JavaScript on his computers, doing all his browsing on
text-based browsers. In his opinion JavaScript is a serious accident already in free
fall. What you're sharing only emphasizes that. Maybe it's time to join his
anti-JavaScript position?

Regards