Article 76E22 [$] AURpocalypse now: a look at the recent AUR attacks

[$] AURpocalypse now: a look at the recent AUR attacks

by
jzb
from LWN.net on (#76E22)

The Arch User Repository (AUR) hasbeen subjected to a sustained attack recently. The attacker, or attackers, havespun up a series of new accounts then used them to adopt orphanedpackages and push malicious updates that would install malware on users' systems.It is unclear how many users were compromised in the attack, but the maintainerswere playing Whac-A-Mole for several days to respond to each newly compromisedpackage. The project has turnedoff the AUR's new-user registration, for now, but it is unclear what its long-term response will be or if the AUR can be secured without major changes toits existing collaboration model.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments