Billions of downloads and no defense against typosquatting feels like a bad combination in this day and age
This is because miscreants can upload a malicious package, and write whatever they want in the author, copyright, and description fields on the landing page. Thus anyone could create a bad package, and share in the gallery with Microsoft or AWS supplied as the author. If a user expands the"Package details" section of the page, they'll see a list of user accounts connected to that upload, but these profiles can spoofed, too.
The third flaw allows access to unlisted or hidden packages — such as those containing sensitive data — to anyone willing to do enough digging to find the occasional needle in a haystack. that contained"comprehensive information about all packages within the PowerShell Gallery" including unlisted ones.There's a URL at the end of the XML file of the format, one can wade through every package, listed or unlisted, and their specific versions. This type of access could be especially useful to criminals looking for highly sensitive data to steal for extortion or espionage purposes, the researchers posit.
Australia Latest News, Australia Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Kessler Foundation researchers receive $1.7 million in grants to improve lives of TBI patientsKessler Foundation scientists received four grants from the New Jersey Commission on Brain Injury Research, totaling nearly $1.7 million for studies based on a variety of novel approaches aimed at improving the lives of individuals with traumatic brain injury (TBI).
Read more »
A study of links between fracking and health issues will be released by Pennsylvania researchersResearchers in heavily drilled Pennsylvania were preparing Tuesday to release findings from taxpayer-financed studies on possible links between the natural gas industry and pediatric cancer, asthma and poor birth outcomes.
Read more »
26 Emmerdale pictures: Cheating scandal as Mary and Manpreet secrets are exposedYour weekly Emmerdale picture gallery for episodes airing between August 21 to 25.
Read more »
Researchers find heartbeat relies on surprisingly large network of proteinsThe first mapping of the heart's crucial ion channels reveals a surprisingly extensive network of proteins. This understanding is the first step towards more precise treatment for patients with cardiac arrhythmias.
Read more »
Researchers discover contrast dye shortage affected assessment of stroke patientsUniversity of Missouri School of Medicine neurologist Adnan Qureshi, MD recently led a study that discovered last year's iodinated media contrast dye shortage affected the assessment of stroke patients at hospitals across the country. Injecting or drinking the media contrast helps doctors see blood vessels and organs more clearly in an X-ray or a computed tomography (CT) scan.
Read more »
26 Emmerdale pictures: Cheating scandal as Mary and Manpreet secrets are exposedYour weekly Emmerdale picture gallery for episodes airing between August 21 to 25.
Read more »