Sep 14, 2022
Shout out to Derek Ardolf! He's one of the rock stars on the Salt Core team. A few days ago, he sent Chunga a handful of different blogs and news articles about PyPi, which sent Chunga into a massive rabbit hole. The articles and blogs were all about legitimate projects that have been compromised by phishing and malware attacks through PyPi.
Everybody loves PyPi, including Tom and Chunga. With that said, they have both been sounding the alarm on The Hacks about these types of channel attacks for years! Why hasn't more been done about this type of vulnerability? Tom says it simply comes down to the extreme size of open source projects vs. available resources. He also says as far as this type of problem is concerned, we're still in the wild west! So, is there anything that can be done to deal with these kinds of intrusions? Listen to this episode of The Hacks to find out!