PyPI suspends registration of new users and projects because of malicious activity

The PyPI (Python Package Index) repository of Python packages has temporarily suspended registration of new users and new projects. The stated reason is a surge in activity by attackers who have started distributing packages containing malicious code. It is noted that, because most of the administrators were on leave, so many malicious projects were registered over the past week that the remaining PyPI team members could not respond promptly. The developers plan to rework some of the verification processes over the weekend and then re-enable registration with the repository.

According to Sonatype's malicious-activity monitoring system, 6933 malicious packages were identified in the PyPI catalog in March 2023, and in total more than 115 thousand malicious packages have been identified since 2019. In December 2022, an attack on the NuGet, NPM and PyPI catalogs resulted in the publication of 144 thousand packages carrying phishing and spam code.

Most of the malicious packages are disguised as popular libraries using typosquatting (assigning names that differ from the real one by individual characters, for example examplepl instead of example, djangoo instead of django, pyhton instead of python, etc.), counting on the user making a typo and not noticing the difference in the name when searching. The typical malicious action comes down to exfiltrating confidential data found on the local system, located by looking for well-known files that hold passwords, access keys, crypto wallets, tokens, session cookies and other secrets.

Source: opennet.ru
