nopatience, to datascience
@nopatience@swecyb.com

Looking for studies, reports and articles detailing the "real" threat posed by attackers leveraging typosquatting as part of the attack chain.

If you are aware of any such reports I would greatly appreciate a nudge towards where I might find them.

Trying to understand how common the problem is and the characteristics of these attacks.

circl, to infosec
@circl@social.circl.lu

🚀 New release! The enhanced version of our online typosquatting finder service is now live! Explore the updated features and improvements here: https://typosquatting-finder.circl.lu/

Additionally, we've updated the underlying open-source library and web services. Dive into the advancements on GitHub: https://github.com/typosquatter/ail-typo-squatting

adulau, to opensource

FIRST.org released the videos from Montreal FIRSTCON2023 including the presentation I did about @circl typosquatting-finder

Typosquatting finder Python library - https://github.com/typosquatter/ail-typo-squatting

Online version of the typosquatting-finder service: https://typosquatting-finder.circl.lu/

cc @firstdotorg

Video: https://www.youtube.com/watch?v=s09VFkI4Fn0

adulau, to opensource

We released a new version of the typosquatting Python library

🔗 Source code - https://github.com/typosquatter/ail-typo-squatting
🔗 Online version - https://typosquatting-finder.circl.lu/

The library has been improved to remove potential TLDs/gTLDs which do a catch-all for any domain. A random string is queried while testing to limit potential false positives.

Another option has been added to combine algorithms together.

aeveltstra, to rust
@aeveltstra@mastodon.social

https://blog.rust-lang.org/inside-rust/2023/09/01/crates-io-malware-postmortem.html

are vulnerable to and injection. Of course they are. Vetting software packages takes a LOT of work and needs to be rewarded.

0x5DA, to webdev
@0x5DA@fosstodon.org

you can now use arbitrary NPM packages server-side.
this was one of the last major caveats to my SSR system!

index.html (abridged)

server.onload = () => {
  console.log(`1 is ${server.imports.isOdd(1) ? '' : 'not '}odd.`);
};

imports.mjs

import isOdd from "is-odd";
export { isOdd };

(is-odd is added as a dependency in the local package.json)

lazyq2,

@0x5DA my brother in Christ, do you have a minute to talk about our Enemy and tormentor: ?
