1
00:00:01,680 --> 00:00:11,990
Covering the week's top tech stories with a slight Linux bias. Three JavaScript packages have been removed from the npm portal for containing malicious code.

2
00:00:12,000 --> 00:00:22,230
According to advisories from the npm security team, the three JavaScript libraries open shells on the computers of developers who imported the packages into their projects.

3
00:00:22,240 --> 00:00:40,869
The shells allow threat actors to connect remotely to the infected computer and execute malicious operations. The npm security team said that the shells don't depend on a particular operating system and could be used to compromise Windows, Linux, FreeBSD, OpenBSD, and other systems.

4
00:00:40,879 --> 00:00:48,709
All three packages were uploaded to the npm portal in 2018, and each had hundreds of downloads since then.

5
00:00:48,719 --> 00:00:58,150
The packages' names are plutovs dash slack dash client, nodetest199 and nodetest1010.

6
00:00:58,160 --> 00:01:06,789
npm security team said any computer that is, that has this package installed or running should be considered fully compromised.

7
00:01:06,799 --> 00:01:14,310
All secrets and keys stored on that computer should be rotated immediately from a different computer, they warn.

8
00:01:14,320 --> 00:01:36,230
The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it. npm security staff regularly scans its collection of JavaScript libraries, considered the largest package repository for any programming language.

9
00:01:36,240 --> 00:01:39,590
Thanks for watching the Category 5 TV Newsroom.

10
00:01:39,600 --> 00:02:08,590
Don't forget to like and subscribe for all your tech news with a slight Linux bias, and if you appreciate what we do, become a patron at patreon.com category 5. From the Category 5 dot TV Newsroom, I'm Becca Ferguson.

11
00:02:08,600 --> 00:02:29,350
[Music]