
Tschacher: Typosquatting programming language package managers

by corbet, from LWN.net (#1GMYG)
Nikolai Tschacher demonstrates how easy it is to run arbitrary code by way of "typosquatting" uploads to programming language download sites. "Because everybody can upload any package on PyPi, it is possible to create packages which are typo versions of popular packages that are prone to be mistyped. And if somebody unintentionally installs such a package, the next question comes intuitively: Is it possible to run arbitrary code and take over the computer during the installation process of a package?" He tried an experiment and was able to run a little program that phoned home from thousands of systems.