Software is becoming more interdependent, and that’s a big security problem

by Reima Budd on Jun 28, 2022 Software 178 Views

O

n 16 March, 20 days after Russia invaded Ukraine, users of the Vue.js development framework were panicking. Vue is a set of tools that makes it easier for developers to build interfaces for websites and web applications, including at companies like Facebook, Netflix and Nintendo. According to BuiltWith, it powers 19.8 per cent of the world’s biggest 10,000 websites.

So, what does a popular programming tool have in common with the war in Ukraine? Under the hood, Vue, like all tools of its kind, relies on a bundle of other software packages that it automatically downloads. Software packages make it easier for programmers to add functionality to their applications without having to code it from scratch.

In this case, Vue included a dependency on a package called “node-ipc”, whose developer decided to add a small amount of code that would create a text file containing anti-war messages on the desktops of those who use it. But if the package was installed on a device with a Russian or Belarussian IP address, it would also start wiping files from the device and replacing them with a heart emoji.

This was not the first incident of its kind. Earlier this year, the developer of two other popular packages sabotaged them by modifying them to produce gibberish text instead of their expected output.

These incidents show how software developers rely on an increasingly large ecosystem of third-party packages. While these packages can greatly simplify and speed up development, they also have wide security implications.

Read more about the blog in-depth here.

 

Article source: https://article-realm.com/article/Computers/Software/24139-Software-is-becoming-more-interdependent-and-that-s-a-big-security-problem.html

Reviews

Guest

Overall Rating:

Comments

No comments have been left here yet. Be the first who will do it.
Safety

captchaPlease input letters you see on the image.
Click on image to redraw.

Statistics

Members
Members: 15137
Publishing
Articles: 62,821
Categories: 202
Online
Active Users: 380
Members: 0
Guests: 380
Bots: 1290
Visits last 24h (live): 5471
Visits last 24h (bots): 14111

Latest Comments

DME of America: Cutting-edge Medical Equipment Solutions like  roscoe nebulizer machine  ,Transforming Healthcare Across the United States.  
Wedding Venues in Chattarpur and MG Road. List of in Chattarpur, Banquet Halls, Hotels for Party pldestinationaces in Chattarpur and MG Road Ever thought of enjoying a multi-theme Wedding...
What an informative blog post! ???? You’ve done a fantastic job of making complex topics easy to follow. The practical tips and examples you provided are incredibly actionable. Your...
For those who may have difficulty interacting socially or have experienced trauma, robot sex dolls can serve as a therapeutic tool, providing a safe space to express feelings and overcome...
on Sep 1, 2024 about Ronymeran
Excellent post! The content was easy to follow and the practical advice very useful. I appreciated the visuals and examples which made it more engaging. This is definitely a post I’ll save....