Trojan Source Code - Can we trust open-source anymore?|Cheuk Ting Ho|PyCon APAC 2022
PyCon Taiwan
PyCon APAC 2022 | Talks | Title sponsors: Cathay Financial Holdings / Micron
✏️ Note: https://hackmd.io/jeexX3rHS3-5sHLa8MRmfA 🖐🏻 Slido: https://app.sli.do/event/1KMf9S167YGfLtQPu3hxLv 💬 Language: English 🎯 Level: Novice 🔎 Category: Security
💡 Abstract 💡 Recently, a paper was published demonstrating how a visibly valid contribution can contain malicious code by exploiting Unicode control characters. Some of these techniques have been tested on Python and they work. Should the Python and open-source communities be concerned?
🪄 Description 🪄 Background: Researchers at the University of Cambridge published a paper about a malicious attack named Trojan Source, which exploits the fact that some program interpreters, like CPython, can handle Unicode. This has caused concern in the open-source community about malicious contributions that look totally legitimate to human eyes but contain invisible attacks. As members of the Python community, we should all be aware of this and understand how we can prevent this attack from happening.
About this talk: In this talk, Cheuk will decode the findings of this paper to a level that can be understood by everyone. She will start with a joke example of how you can mess with someone by using Unicode. She will then explain what Unicode is and why it causes trouble. Afterwards, she will explain the Python examples in the paper and why they can be dangerous. Lastly, she will open up a discussion on how we should defend ourselves from those attacks and what we can do as a community.
🚀 About Speaker - Cheuk Ting Ho 🚀 Before working in Developer Relations, Cheuk was a Data Scientist at various companies, a role that demands strong numerical and programming skills, especially in Python. To follow her passion for the tech community, Cheuk is now the Developer Advocate for Anaconda. Besides her work, Cheuk enjoys speaking at various conferences. Cheuk also organises events for developers. Cheuk has organised conferences including EuroPython (of which she is a board member), PyData Global and Pyjamas Conf. Believing in Tech Diversity and Inclusion, Cheuk constantly organises workshops and mentored sprints for minority groups. In 2021, Cheuk became a Python Software Foundation fellow.
https://www.youtube.com/watch?v=YS3Ks_R80lQ