Thousands of Npm Accounts Use Email Addresses With Expired Domains
An academic research project found that thousands of JavaScript developers are using an email address with an expired domain for their npm accounts, leaving their projects exposed to easy hijacks. From a report: The study, performed last year by researchers from Microsoft and North Carolina State University, analyzed the metadata of 1,630,101 libraries uploaded on Node Package Manager (npm), the de facto repository for JavaScript libraries and the largest package repository on the internet. Researchers said they found that 2,818 project maintainers were still using an email address for their accounts that had an expired domain, some of which they found on sale on sites like GoDaddy. The team argued that attackers could buy these domains, re-register the maintainer's address on their own email servers, and then reset the maintainer's account password and take over his npm packages.
from Slashdot https://ift.tt/xK1V2RQ