The internet is full of free resources, and plenty of websites, such as Stack Overflow, offer sample code that programmers and developers can use for various programming tasks. But a web consultant has pointed out that this common practice could be a security risk. Here are the details.
Earlier this month a developer for Nissan's car mobile app was busted for copying code straight from Stack Overflow. The fact that the developer didn't do their due diligence in removing references to Stack Overflow in an official app from just didn't seem very professional, which was why it garnered attention. The incident did also highlight just how common copying and pasting code is.
Borrowing existing code that has been made public is not necessarily a bad thing. It can give programmers, developers and IT admins a quick solution to problems they are facing with their own code.
But a new kind of attack called Pastejacking is making this practice more dangerous. Using a function called
He also noted that this method can be combined with a phishing attack to lure users into running seemingly innocuous commands, potentially allowing for remote code execution if the malicious code is pasted into the terminal.
Stockley said the best defence against pastejacking is to exercise caution when copying content off websites. Verify that the code is harmless by pasting it into a text editor first and looking it over before putting it into the terminal.
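The "look it over" step can be partly automated. The following is an added example, not code from the article or from Sophos: it compares clipboard text with what was visible on the page and flags line breaks, terminal escape sequences and hidden characters. The function names `inspect_paste` and `render_visible` and the sample strings are hypothetical and constructed for illustration.

```python
import re
import sys
import unicodedata

# CSI terminal escape sequences (ESC [ ... final byte), e.g. clear screen.
ANSI_CSI = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")
# Constructed sample: what the reader saw on the page vs. what landed in the clipboard.
VISIBLE_ON_PAGE = "echo hello"
CONSTRUCTED_CLIPBOARD = "echo 'not what you copied'\necho hello\n"


def inspect_paste(text, expected=None):
    """Return findings for text that is about to be pasted into a terminal."""
    findings = []
    if expected is not None and text != expected:
        findings.append("clipboard differs from the text visible on the page")
    # A pasted line break submits the line, so the shell runs it without review.
    breaks = text.count("\n") + text.count("\r")
    if breaks:
        findings.append(f"{breaks} line break(s): commands run as soon as pasted")
    if ANSI_CSI.search(text):
        findings.append("terminal escape sequence present")
    for offset, ch in enumerate(text):
        if ch in "\n\r\t":
            continue
        category = unicodedata.category(ch)
        if category == "Cc":
            findings.append(f"control character U+{ord(ch):04X} at offset {offset}")
        elif category == "Cf":
            findings.append(f"invisible format character U+{ord(ch):04X} at offset {offset}")
    return findings


def render_visible(text):
    """Rewrite the text so every line break and hidden character is shown."""
    shown = []
    for ch in text:
        if ch == "\n":
            shown.append("\\n\n")
        elif unicodedata.category(ch) in ("Cc", "Cf"):
            shown.append(f"<U+{ord(ch):04X}>")
        else:
            shown.append(ch)
    return "".join(shown)


if __name__ == "__main__":
    data = CONSTRUCTED_CLIPBOARD if sys.stdin.isatty() else sys.stdin.read()
    print(render_visible(data))
    print("\n".join(inspect_paste(data)) or "no findings")
```

Pipe the clipboard contents into the script on standard input; with no piped input it runs on the constructed sample.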
[Via Naked Security by Sophos]