 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
If you downloaded PyTorch-nightly on Linux via pip between Dec. 25, 2022, and Dec. 30, 2022, you’ve got trouble.
Someone, we still don’t know who, uploaded a poisoned Python Package Index (PyPI) dependency that hid under the real dependency name, torchtriton. Once in place, the fake torchtriton 3.0.0 would run a malicious binary.
Once in place, this would grab the following system information:
The good news is that this supply chain attack only hit the nightly builds. If you weren’t using these, you’d be safe.
You might wonder how this could happen since the malicious code wasn’t copied over the good version. The PyTorch Team explained, “Since the PyPI index takes precedence, this malicious package was being installed instead of the version from our official repository. This design enables somebody to register a package by the same name as one that exists in a third-party index, and pip will install their version by default.”
Still, the good news is that it was “only” the nightly. The bad news is PyTorch is very popular with cutting-edge, machine-learning developers. So, the malware version of torchtriton ended up being downloaded 2,386 times. That’s a lot of fouled-up developer machines.
So, what do you do now?
First, check to see if you have a case with the following command:
python3 -c "import pathlib;import importlib.util;s=importlib.util.find_spec('triton'); affected=any(x.name ==
If you dump the bad file as soon as possible. You do that by uninstalling it and replacing it with a nightly binary dated December 31st, 2022, or later with the command:
$ pip3 uninstall -y torch torchvision torchaudio torchtriton $ pip3 cache purge
This attack was easier than you might think. As Henrik Plate, an Endor Labs security researcher, observed, “Dependency confusion attacks were among the most prominently used attack vectors in 2022, most of which target company-internal packages hosted on private binary repositories (rather than open source packages as in the case of PyTorch). That’s because it’s relatively cheap to craft (and automate) such attacks because attackers don’t need to interfere with any resources of an existing, legitimate project. Instead, they can reserve the name of a legitimate package in a public package repository such as PyPI or npm.”
So, once more, with feeling, adopt a security scanner rather than just trusting that the freshest code is safe. There are a lot of hackers out there ready and waiting to insert bad code into your programs and onto your machines.
Based on Python, Pytorch is a popular open source machine learning framework, with support for a wide variety of mathematical operations and deep learning operations.
