If you have a look at the page “Where I’ve been” you will see that I have traveled in most of sub-Saharan Africa. I travel in Africa for work, which is installing advertisement monitoring systems for one of my customers. Because the systems monitor radio and television broadcasts, there is always an antenna involved in the installation. …
Backdoor Code Found In 11 Ruby Libraries
Maintainers of the RubyGems package repository have yanked 18 malicious versions of 11 Ruby libraries that contained a backdoor mechanism and were caught inserting code that launched hidden cryptocurrency mining operations inside other people's Ruby projects.

ZDNet reports: The malicious code was first discovered yesterday inside four versions of rest-client, an extremely popular Ruby library. According to an analysis by Jan Dintel, a Dutch Ruby developer, the malicious code found in rest-client would collect and send the URL and environment variables of a compromised system to a remote server in Ukraine. "Depending on your set-up this can include credentials of services that you use e.g. database, payment service provider," Dintel said. The code also contained a backdoor mechanism that allowed the attacker to send a cookie file back to a compromised project, and allowed the attacker to execute malicious commands. A subsequent investigation by the RubyGems staff discovered that this mechanism was being abused to insert cryptocurrency mining code. RubyGems staff also uncovered similar code in 10 other projects. All the libraries, except rest-client, were created by taking another fully functional library, adding the malicious code, and then re-uploading it on RubyGems under a new name. All in all, all the 18 malicious library versions only managed to amass 3,584 downloads before being removed from RubyGems.
Anyone who runs a mail server very quickly learns how to fight spam if he wants to do his job properly. It is also one of the favourite pastimes of the clueless to think up stupid ways to fight spam. Today I saw a brilliant answer to one of these ideas on the Postfix mailing list.