close
  • Ar chevron_right

    10 malicious Python packages exposed in latest repository attack

    news.movim.eu / ArsTechnica · Tuesday, 9 August - 18:01 · 1 minute

Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common.

Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images)

Researchers have discovered yet another set of malicious packages in PyPi , the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.

Check Point Research, which reported its findings Monday , wrote that it didn't know how many people had downloaded the 10 packages, but it noted that PyPi has 613,000 active users, and its code is used in more than 390,000 projects. Installing from PyPi through the pip command is a foundational step for starting or setting up many Python projects. PePy , a site that estimates Python project downloads, suggests most of the malicious packages saw hundreds of downloads.

Such supply-chain attacks are becoming increasingly common, especially among open source software repositories that support a wide swath of the world's software. Python's repository is a frequent target, with researchers finding malicious packages in September 2017 ; June , July , and November 2021; and June of this year. But trick packages have also been found in RubyGems in 2020 , NPM in December 2021 , and many more open source repositories.

Read 5 remaining paragraphs | Comments

  • Ga chevron_right

    Machine learning made easy with Python - Solve real-world machine learning problems with Naïve Bayes classifiers

    news.movim.eu / gadgeteerza-tech-blog · Friday, 29 January, 2021 - 10:50

Naïve Bayes is a classification technique that serves as the basis for implementing several classifier modeling algorithms. Naïve Bayes-based classifiers are considered some of the simplest, fastest, and easiest-to-use machine learning techniques, yet are still effective for real-world applications.

Naïve Bayes is based on Bayes' theorem, formulated by 18th-century statistician Thomas Bayes. This theorem assesses the probability that an event will occur based on conditions related to the event. For example, an individual with Parkinson's disease typically has voice variations; hence such symptoms are considered related to the prediction of a Parkinson's diagnosis. The original Bayes' theorem provides a method to determine the probability of a target event, and the Naïve variant extends and simplifies this method.

This code and project will be of interest to any Python (or even other) programmers wanting to go to the next level in terms of building machine learning predictability into their applications.

See https://opensource.com/article/21/1/machine-learning-python

#technology #machinelearning #python #programming #predictions