MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
pypi
Recherche

Preventing domain-resurrection attacks (PyPI blog)

mardi 19 août 2025, 22:33 , par LWN.net
The Python Package Index (PyPI) has announced that it is now
checking for expired domains to try to prevent domain-resurrection
attacks. In this type of attack, a malicious user buys an expired
domain and uses it to take over an account by resetting the password
associated with the email used with PyPI. Since June, PyPI has
unverified more than 1,800 email addresses after their associated
domains entered expiration phases.

After an initial bulk check period that took place in April 2025,
PyPI will check daily for any domains in use for status changes, and
update its internal database with the most recent status.

If a domain registration enters the redemption period, that's an
indicator to PyPI that the previously verified email destinations may
not be trusted, and will un-verify a previously-verified email
address. PyPI will not issue a password reset request to addresses
that have become unverified.

PyPI recommends that users add a second verified email address
'from another notable domain (e.g. Gmail)' to their account, if
they do not have one already.
Lire la suite sur LWN.net
https://lwn.net/Articles/1034450/

Voir aussi

pypi Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations TheRegister18 Aug
email Demand for .AI domain names soars along with values BetaNews14 Aug
domains Crooks can't let go: Active attacks target Office vuln patched 8 years ago TheRegister13 Aug
domain-resurrection Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks TheRegister11 Aug
domain Ransomware attacks up by 41 percent globally BetaNews11 Aug
attacks Threat actors move to smaller more persistent attacks BetaNews11 Aug
not Microsoft, CISA warn yet another Exchange server bug can lead to 'total domain compromise' TheRegister 7 Aug
unverified AI-powered attacks, zero-days, and supply chain breaches -- the top cyber threats of 2025 BetaNews 7 Aug
associated Google Suffers Data Breach in Ongoing Salesforce Data Theft Attacks Slashdot 6 Aug
account Like an ICE agent, man sports a ski mask — then attacks New York subway crowd with mace BoingBoing 4 Aug
addresses China’s botched Great Firewall upgrade invites attacks on its censorship infrastructure TheRegister 4 Aug
address Attacks evolve too quickly for businesses to maintain truly resilient security BetaNews31 Jul
check We need a European Sovereign Tech Fund (GitHub blog) LWN.net30 Jul
status Blame a leak for Microsoft SharePoint attacks, researcher insists TheRegister26 Jul
verified Microsoft walks us through Copilot Search with a domain it doesn't even own TheRegister25 Jul
pypi Microsoft: SharePoint attacks now officially include ransomware infections TheRegister24 Jul
email Microsoft SharePoint victim count hits 400+ orgs in ongoing attacks TheRegister23 Jul
domains What’s behind the recent rise in identity-based attacks? [Q&A] BetaNews23 Jul
domain-resurrection Nvidia warns its GPUs – even Blackwells – need protection against Rowhammer attacks TheRegister14 Jul
domain NVIDIA Warns Its High-End GPUs May Be Vulnerable to Rowhammer Attacks Slashdot12 Jul
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
ven. 22 août - 14:52 CEST