Security researchers breaks over open-source repositories at paypal co. A

adminonNovember 26, 2021December 23, 2021Leave a Comment

Security researchers breaks over Open-Source repositories at PayPal Amp; Co. A

Many coarse companies such as Microsoft, Shopify and Uber put in their day-to-day work on scripts that are available for download in various open source repositories. This has used a security researcher as a TuroFNER to successfully enter the networks of more than a dozen gross companies.

He has collected his findings in a post. According to him, the companies knew about his research and he has declined, for example, against the background of bug-bounty programs in networks. He calls his approach "Dependency Confusion".

Old method recited

The idea is not completely new, but has a new turn. In the past, criminals repeatedly uploaded in public repositories of, for example, Node, Python or Rubygems in the hope, uploaded that admins in companies download and export the malware scripts.

In order to increase the chances of success, they have changed names of known packages with obvious speech turns (Typosquatting). If an admin is installing on the command line during installation, the script uploaded by the attacker lands on the computer.

This type of attack has expanded the security researcher. During his research, he rely on public code of PayPal on Github. In it he found names of Dependencies, which PayPal uses. In part, these are internally hosted.

Does this work?

Now he asked himself what happened when copying the names and with own code provided with own code in public repositories. He also tried that for further companies and according to him was the success rate "just amazing".

Why this works, he greeted on the example of Python Dependencies as follows: Use the command PIP Install Library with the Argument –Extra-Index URL, it is increasing whether the library to be installed is available locally or via the Internet. If she appears in both places, the version is installed with the higher version number. As a result, the security researcher has provided its predaparied libraries with a very high serial number.

The security researcher indicates that many companies have meanwhile adapted their routines to the use of scripts from repositories so that this method does not work anymore. For this he has a total of 130.000 US dollars in Pramien Uber Bug-Bounty programs earned.

How much is Brazil changing under the new president Bolsonaro?? Aid organizations are concerned about an increase in hatred and violence. Meanwhile, a homosexual member of parliament has left the country in fear of his life.

The deputy of the Brazilian left-wing party PSOL, Jean Wyllys (44), has sought refuge abroad following death threats. This was reported by the newspaper "Folha de S. Paulo" on Friday. According to the report, Wyllys, a homosexual who has been feuding with President Jair Bolsonaro, who has been in office since January, wants to give up his mandate for security reasons.

In October, the deputy, who advocates for the rights of homosexual, transsexual and intersexual people, had been re-elected; on 1. February he was due to begin his third term.

Return uncertain

He is currently staying in an unknown location and will not return to Brazil, he told the newspaper. It was justified by the increasingly violent climate against LGBT activists. Wyllys was under police protection after the murder of his party colleague Marielle Franco in March 2018. There have also been death threats against fellow party member Marcelo Freixo for years. In both cases, the authorities ame the activity of paramilitary militias.

Wyllys was the first parliamentarian in Brazil to openly admit his homosexuality. For years, he has had an open enmity with Bolsonaro. The two had verbally attacked each other in Congress, with Bolsonaro calling Wyllys a "faggot" several times. After Bolsonaro exalted the military dictatorship during the vote to oust then-President Dilma Rousseff in early 2016, Wyllys spat at the then-parliamentary colleague.

"Go with God and be happy"

Further, Wyllys told "Folha" that recent revelations surrounding Bolsonaro's son, Flavio, also prompted him to run. Flavio, elected senator in October, is said to be close to a militia group that may have been involved in Franco's murder. Minutes after Wyllys' decision became public, President Bolsonaro declared via Twitter that it was "a great day". His son Carlos also tweeted, "Go with God and be happy".

After the two tweets were met with massive public criticism, the Bolsonaros said their text messages had not referred to Wyllys, but to Bolsonaro's return trip from the World Economic Forum in Davos. Wyllys' place is now to be taken by party colleague David Miranda in the parliamentary post for the PSOL. Miranda is also an LGBT activist and is married to U.S. journalist Glenn Greenwald. The latter had become known worldwide in 2013 through his reports about former NSA official Edward Snowden.

Misereor sees increase in hatred and violence in Brazil

Catholic relief agency Misereor says hatred and violence are on the rise in Brazil under new president Jair Bolsonaro. "Social movements and non-governmental organizations have been strongly criminalized, social debates are conducted with hatred," said Misereor consultant Anna Moser in an interview with the magazine "Publik-Forum" on Friday.

The president's positions of clearing virgin forests for export agriculture and large-scale land ownership "ultimately justify violence throughout the country," Moser said. The rights of small farmers and indigenous peoples would be increasingly restricted. For example, she said, Bolsonaro has weakened the Federal Agency for Indigenous Affairs and distributed its powers to the Ministry of Agriculture. The traditionally drives forward the exploitation of the Amazon region.

Misereor in Brazil

Misereor reportedly currently supports 170 local partners in Brazil with about 13 million euros annually.

In addition, Misereor helps to clarify violent attacks on agricultural workers and indigenous peoples in order to be able to hold those responsible accountable. But that is "very difficult because of the entanglement of agribusiness and politics," Moser said.

It was not surprising that during the Pope's trip to Africa – after the debacle over the traditionalists and Holocaust denier Richard Williamson – the controversy over the AIDS ie would break out anew. Already on the flight to Cameroon he commented on this – and repeated the church's position. The media are eagerly pouncing on the statement about condoms – and are studiously overlooking the church's multifaceted fight against immunodeficiency. On Wednesday the Vatican reacted with a statement.

It is necessary to correct "the image that we only throw around 'no'", Pope Benedict XVI replied. in the large television interview before its Bavaria journey 2006 to the topic AIDS in Africa. He made it clear that the church must fight AIDS primarily through education and care for the sick, and that the church in Africa is already doing a great deal in this area. Technology and technical knowledge, it made clear at the time, were not enough if the standards for the proper use of that technology were lacking. The problem of AIDS cannot be solved merely with advertising slogans, with money and not even with the distribution of condoms, the pope said now before his visit to Africa. On the contrary, there is a risk of increasing the problem, probably because it would advertise sexual promiscuity. What is more important is a "humanization of sexuality," a different way of dealing with each other, and attention to those who suffer. The Pope did not say anything new, explained Vatican spokesman Federico Lombardi. It reiterated the Church's previous position, and it would not introduce any new positions on this subject during the course of the trip. For the Church, the spread of AIDS cannot be blocked by condoms – especially since the disease is spread in Africa not only through sexual contact, but also through poor hygiene, for example in hospitals. Rather, it is a matter of education for responsible sexual behavior, of propagating the essential role of marriage and family. The Church is by no means inactive here, but makes a significant contribution to the fight against the pandemic through an active presence, through competent and efficient assistance, and through free treatment for as many patients as possible. The Church is concentrating its efforts in this area because it considers it to be the most effective method in the long term for combating the scourge of AIDS. Contrary to some amptions three years ago, a Vatican change of course in the matter of AIDS is not to be expected at present. At the time, Vatican Health Minister Cardinal Javier Lozano Barragan had caused speculation when he commissioned a study. However, this was not about a general church approval of condoms, especially since sex outside of marriage is considered a sin by the church. Rather, they asked whether partners in marriage could use a condom if one of them was infected with HIV to prevent infection: Condom use as a "lesser evil," a means to "legitimate defense". After lengthy discussion of the more than 100-page study, the Vatican decided not to ie a new paper. It is a very difficult problem in terms of moral theology, and among moral theologians there is a whole range of legitimate positions, they said at the time. A partial or conditional relaxation of the ban would create confusion. However, one would certainly react appropriately in individual cases to those affected. At the time, Cardinal Godfried Danneels of Belgium called protection against infection or death an "act of precaution that is morally different from the use of condoms for the purpose of contraception". And the former Vatican court theologian Cardinal George Cottier also said that in certain cases condom use could be morally legitimate.

Old method recited

Does this work?

Leave a Reply Cancel reply