Even big data devs make big data security gaffes

Even big data devs make big data security gaffes

Even big data devs make big data security gaffes

Apache Big Data Europe Big data application programmers routinely download and execute unverified code, opening the door to information-stealing hackers, a security researcher has claimed.

Olaf Flebbe, chief software architect at European software integrator Science+Computing, is upset that software engineers have got into the habit of insecurely reusing components. This puts the organization a developer works for, as well as its clients and partners, at risk of compromise, he said.

We should note that this isn't really a problem limited to big data apps: securing package managers to fend off malicious updates is necessary for all programming languages, operating systems and areas of software development. Flebbe was speaking at the Apache Big Data conference in Seville, Spain, however, hence the big data connection.

Flebbe said miscreants can set up shop on expired web domains used by abandoned projects to push out tampered builds of code to unsuspecting coders. Another trouble area, we're told, is Maven – the Apache build manager for Java projects.

Read Also:
Three Ways Big Data Helps Manufacturers Think Bigger

During his presentation at the Apache conference last week, Flebbe demonstrated an exploit involving Apache Flink – an open-source stream and batch-processing tool that can be installed via Maven. He showed how it was possible to fool Maven into downloading and running calc.exe rather than the legit Sysinternals tool junction.exe on a Windows system. The point was to show that it is possible to trick Maven users into unknowingly bringing malicious software onto their computers.

 



Enterprise Data World 2017

2
Apr
2017
Enterprise Data World 2017

$200 off with code 7WDATA

Read Also:
Protect Your Organization amid the Data Sovereignty Sea Change

Data Visualisation Summit San Francisco

19
Apr
2017
Data Visualisation Summit San Francisco

$200 off with code DATA200

Read Also:
5 tips for embracing open data science in the enterprise

Chief Analytics Officer Europe

25
Apr
2017
Chief Analytics Officer Europe

15% off with code 7WDCAO17

Read Also:
Protect Your Organization amid the Data Sovereignty Sea Change
Read Also:
The CEO of £1.4 billion software giant Xero says AI will be 'transformational' for finance

Chief Analytics Officer Spring 2017

2
May
2017
Chief Analytics Officer Spring 2017

15% off with code MP15

Read Also:
Where’s the Best View for Big Data Visualisation?

Big Data and Analytics for Healthcare Philadelphia

17
May
2017
Big Data and Analytics for Healthcare Philadelphia

$200 off with code DATA200

Read Also:
5 tips for embracing open data science in the enterprise

Leave a Reply

Your email address will not be published. Required fields are marked *