An anonymous reader quotes BleepingComputer: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages — e.g.: “urlib” instead of “urllib.” The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online. Developers who mistyped the package name loaded the malicious libraries in their software’s setup scripts. “These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code, ” NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user’s computer hostname. Collected data, which looked like “Y:urllib-1.21.1 admin testmachine”, was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday.” The advisory lays some of the blame on Python’s ‘pip’ tool, which executes arbitrary code during installations without requiring a cryptographic signature. Ars Technica also reports that another team of researchers “was able to seed PyPI with more than 20 libraries that are part of the Python standard library, ” and that group now reports they’ve already received more than 7, 400 pingbacks. Read more of this story at Slashdot.
Read More:
Python’s Official Repository Included 10 ‘Malicious’ Typo-Squatting Modules
At its Build developer conference today, Microsoft announced that Ubuntu has arrived in the Windows Store. From a report: The company also revealed that it is working with Fedora and Suse to bring their distributions to the Windows Subsystem for Linux (WSL) in Windows 10. At the conference last year, Microsoft announced plans to bring the Bash shell to Windows. The fruits of that labor was WSL, a compatibility layer for running Linux binary executables (in ELF format) natively on Windows, which arrived with the Windows 10 Anniversary Update released in August 2016. Microsoft also partnered with Canonical to allow Ubuntu tools and utilities to run natively on top of the WSL. By bringing Ubuntu to the Windows Store, the company is now making it even easier for developers to install the tools and run Windows and Linux apps side by side. Working with other Linux firms shows that Microsoft’s deal with Canonical was not a one-time affair, but rather part of a long-term investment in the Linux world. Read more of this story at Slashdot. 
There was a surprise in the latest Community Technology Preview release of SQL Server 2017. An anonymous reader quotes InfoWorld: Python can now be used within SQL Server to perform analytics, run machine learning models, or handle most any kind of data-powered work. This integration isn’t limited to enterprise editions of SQL Server 2017, either — it’ll also be available in the free-to-use Express edition… Microsoft has also made it possible to embed Python code directly in SQL Server databases by including the code as a T-SQL stored procedure. This allows Python code to be deployed in production along with the data it’ll be processing. These behaviors, and the RevoScalePy package, are essentially Python versions of features Microsoft built for SQL Server back when it integrated the R language into the database… An existing Python installation isn’t required. During the setup process, SQL Server 2017 can pull down and install its own edition of CPython 3.5, the stock Python interpreter available from the Python.org website. Users can install their own Python packages as well or use Cython to generate C code from Python modules for additional speed. Except it’s not yet available for Linux users, according to the article. “Microsoft has previously announced SQL Server would be available for Linux, but right now, only the Windows version of SQL Server 2017 supports Python.” Read more of this story at Slashdot. 
An anonymous reader quotes a report from BleepingComputer: A new tool released on GitHub last week can help paranoid sysadmins keep track of whenever someone plugs in or disconnects an USB-based device from high-value workstations. Called USB Canary, this tool is coded in Python and currently, works only on Linux (versions for Windows and Mac are in the works). The tool works by watching USB ports for any activity while the computer is locked, which generally means the owner has left his desk. If an USB device is plugged in or unplugged, USB Canary can perform one of two actions, or both. It can alert the owner by sending an SMS message via the Twilio API, or it can post a message in a Slack channel, which can be monitored by other co-workers. USB Canary can prove to be a very useful tool for large organizations that feature strict PC policies. For example, if you really want to enforce a “No USB drives” at work, this could be the tool for the job. Further, with modifications, it could be used for logging USB activity on air-gapped systems. Read more of this story at Slashdot. 
After WikiLeaks revealed data exposing information about the CIA’s arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer’s low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple’s Macbooks. The documents from CIA’s Embedded Development Branch (EDB) mention an OS X “implant” called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a “Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant.” The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system’s hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system’s current EFI or against an EFI image previously extracted from a system. Read more of this story at Slashdot.