Hackers can use python's pip to steal your data!

Take my SQL Injection for Beginners course for FREE: https://ift.tt/5vqCtcH Installing external python packages with pip can be dangerous because threat actors can easily create malicious packages that contain malicious code in the setup.py script. Since pip gives arbitrary code execution when installing a package on the end user's computer, hackers can take advantage of this to do something malicious like stealing API keys, SSH keys, passwords, etc. The setup.py script is required to be executed in order to build a wheel file from the source distribution. So a simple and innocent command like "pip install [package-name]" can be very dangerous to you and your organization. Read my blog post to learn more: https://bit.ly/3caln0u DISCLAIMER This video and the blog post are produced only for educational purposes and to bring awareness to users about potential risks they face while installing external libraries with pip and how to stay safe from the same. I do not promote or encourage any illegal activities. In order to stay safe from malicious python packages, follow these simple rules: - Make sure you cross-check the GitHub repo linked to a PyPI package's page and verify it is what it claims it is. - If you are installing a random package from Python Package Index that you have never heard about before, use the "--only-binary :all:" flag with pip that tells pip to only install from binary (wheel) files. This prevents code execution when the package is being installed. - Take some time to go through the actual source code of the package before installing it just to make sure it contains nothing malicious. Check out my AWS Playlist: https://www.youtube.com/watch?v=hlQH9... Thanks for watching! SUBSCRIBE for more videos! Join my Discord: https://ift.tt/qvXUHjf Follow me on Instagram: https://ift.tt/mGCYHAW Website: https://techraj156.com​​​​​ Blog: https://ift.tt/J2RIDK7
For more hacking info and tutorials visit: https://ift.tt/sMxNfeT
Hello and welcome to the temple of cybersecurity. Now you are watching Hackers can use python's pip to steal your data! published at July 13, 2022 at 05:37AM. If you are looking for tutorials and all the news about the world of hacking and computer security, you have come to the right place. We invite you to subscribe to our newsletter in the box at the top and to follow us on our social networks:
NFT store: https://mintable.app/u/cha0smagick
Twitter: https://twitter.com/freakbizarro
Facebook: https://web.facebook.com/sectempleblogspotcom/
Discord: https://discord.gg/5SmaP39rdM



Ignore tags:
#hacking,#infosec,#tutorial,#bugbounty,#threat,#hunting,#pentest,#hacked,#ethical,#hacker,#cyber,#learn,#security,#computer,#pc,#news