top of page

Head's up! Check your Python modules

Head's up! Be on the lookout for malicious Python libraries! As reported by Developer Tech and Naked Security there is an imposter version of the popular library dateutill which is called python3-dateutil with a one '1' at the end instead of a lowercase L, 'l'. The malicious library can steal keys for Secure Shell (SSH), a network encryption protocol, and GnuPG Privacy guard, encryption software.

You can confirm which python modules you have installed with the pip freeze command. In your scripts directory simply enter, 'pip freeze'.

. . . and a list of installed modules will be generated.

bottom of page