Python is a Hit With Hackers, Report Finds (zdnet.com)
After breaking into the top three most popular programming languages for the first time this month, behind C and Java, Python has also won the hearts of hackers and web nasties, according to attack statistics published this week by web security biz Imperva. From a report: The company says more than a third of daily attacks against sites the company protects come from a malicious or legitimate tool coded in Python. Imperva says that around 77 percent of all the sites the company protects have been attacked by at least one Python-based tool. Furthermore, when the company looked at the list of tools that hackers used for their attacks, more than a quarter were coded in Python, by far the attackers' favorite tool. "Hackers, like developers, enjoy Python's advantages which makes it a popular hacking tool," the Imperva team says.
update their CoC (Score:1)
Obviously, Python needs to update their Code of Conduct to exclude the web nasties from using the language to create tools to attack systems.
Python advantages? (Score:2)
or simply popularity?
Re: (Score:3, Insightful)
Yeah, that's sort of my take on this, too. It's got a lot less to do with Python's practical usefulness and a lot more to do with how trends get set in script kiddie communities.
Re: (Score:3)
Re: (Score:2)
Ecosystem.
Re: (Score:2)
It's hot now but so was Perl in the 1990s.
Re: (Score:2)
1) Archie Bunker was already dead in the 90's from an old age related thing
2) Even if it was young Archie, do you really think something that could make something that looks like that could ever be hot?
I hate how no one on this damn site thinks about these things!
Re: (Score:2)
And a large collection of solid libraries.
Language written to be easy to code and read.
Low barrier to begin a program.
Cross platform.
Support is easy to get.
Re: (Score:2)
I'm not really sure what your point is, but remember that there is something called "VBscript" that is interpreted and was common for a while.
Re: (Score:2)
VB script wasn’t VB like JavaScript isn’t Java.
VB script wasn’t nearly as nice as Python is. And it only worked in Windows.
Re: (Score:3)
I always hack naked. When you abuse someone, you can as well do it right.
Re: (Score:2)
Looks like Sparc Flow's TTP are spreading.
http://hacklikeapornstar.com/ [hacklikeapornstar.com]
Why Python? (Score:1)
Python: The tool to use when you want to get things done fast.
Re:Why Python? (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
Ok, Python as a language can in fact be compiled... this is true. It can also be run through modern JITs. But
I have no idea what you mean by native speed... are you suggesting that Python can be compiled into native code? Ok... great...JIT is almost always faster than compiled code if the programmer understands the JIT and can optimize towards it. This is no different than how we used to sit with profilers and C code and shaving clock cycles off of compiled code. It's far more effective wit
Re: (Score:2)
Python isn’t a slacker in performance. You do need to know how it handles stuff. Such as if you are appending a string you do
Stuff += otherstuff vs Stuff = Stuff + otherstuff
Plus there is a big supply of well made libraries. Which may be hard for you to code as well (I know, I know you are the best coder in the world, berate us with your exploits where you fixed some guy's code who was supposed to be the expert or did a fix to the system in record time. Or how you aced some coding competition... )
Writing vs. Reading (Score:3)
Write fast, not necessarily read fast. Perl had a reputation for being quick and short to write code with, but such code had very questionable readability by somebody besides the author.
Remember, roughly 2/3 of software cost is maintenance, not original writing. I'm not claiming Python has a problem in this area, only saying that quick/short writing of code is only part of a real-world score.
Re: (Score:1)
The original statement was "...get things done". It didn't define "things", so I assumed it was about general coding-related tasks, which on average has maintenance involved. If your shop/task/situation doesn't need maintenance, then it should go without saying that it doesn't need maintenance. If they meant only hacking and not general, they should not have used "things".
I suppose I should have been clearer, but a perfectly clear statement, including all interpretation assumptions made, would probably requ
Red programming language... (Score:1)
USA nonsense all over the place...
Re: (Score:1)
Polymorphism is gender fiddling, bannit!
Better ban it (Score:2)
Most people can't run it... (Score:1)
Unless they deliver the Python runtime along with it (which no longer makes it "just a Python script"), any Python-based malware won't do shit on anyone's machine except for servers and web developer boxes where the runtime is already there.
Have I missed something?
Re: (Score:2)
"Some of the best SOAR products" followed by "I'm talking 6-digit packages here".
If you find a SOAR product that costs that much... they aren't good to begin with. Let me justify this clearly.
Security can only work in mass economy. That means that there must be as many s
I don't know what tool he's talking about (Score:2)
Switch to COBOL! (Score:2)
You know, in my extensive research, I've found indications that HACKERS HATE COBOL; you would be really hard pressed to find a COBOL rootkit attached to an email. I think we should all switch over!
How do they know it's python? (Score:2)
Re: (Score:2)
You'll mostly be able to tell with HTTP requests: the user agent header will have a default python.requests or whatever library they're using for their script. Some guys will take the time to put in a fake browser user agent, but generally you see their Python library version. If you're in a SOC you can just watch for python in the user agent and 99% of the time it'll be malicious traffic.
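The User-Agent check described in the comment above, as an added example that is not part of the original thread: it parses combined-format access log lines and tallies, per source address, requests whose User-Agent names a Python HTTP library. The log lines, addresses and library versions are constructed sample data, and because the header is client-supplied the result is a triage signal, not proof of what tool sent the request.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Default User-Agent tokens of common Python HTTP libraries (aiohttp sends
# "Python/<ver> aiohttp/<ver>", so search rather than match at the start).
PY_UA_RE = re.compile(
    r"(python-requests|python-urllib|python-httpx|aiohttp)/([\w.]+)", re.I)

# Constructed sample input (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2018:10:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "python-requests/2.19.1"
192.0.2.10 - - [01/Oct/2018:10:00:02 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.19.1"
198.51.100.7 - - [01/Oct/2018:10:00:03 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/62.0"
203.0.113.5 - - [01/Oct/2018:10:00:04 +0000] "GET /admin HTTP/1.1" 404 0 "-" "Python-urllib/3.6"
203.0.113.9 - - [01/Oct/2018:10:00:05 +0000] "GET /api/status HTTP/1.1" 200 64 "-" "Python/3.6 aiohttp/3.4.4"
malformed line
""".splitlines()


def python_clients(lines):
    """Return ({ip: stats}, unparsed_count) for Python-library User-Agents."""
    report = defaultdict(
        lambda: {"libraries": set(), "requests": 0, "client_errors": 0})
    unparsed = 0
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            unparsed += 1  # count, do not silently drop, lines we cannot parse
            continue
        ua = PY_UA_RE.search(m["ua"])
        if not ua:
            continue  # browser or other client: outside this check
        entry = report[m["ip"]]
        entry["libraries"].add(f"{ua[1].lower()}/{ua[2]}")
        entry["requests"] += 1
        # 4xx responses (failed logins, probing for missing paths) add context
        entry["client_errors"] += int(m["status"].startswith("4"))
    return dict(report), unparsed


if __name__ == "__main__":
    hits, skipped = python_clients(SAMPLE_LOG)
    for ip, stats in sorted(hits.items()):
        print(ip, sorted(stats["libraries"]), stats["requests"], stats["client_errors"])
    print("unparsed lines:", skipped)
```
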
Re: (Score:2)
Re: (Score:2)
Security Operations Center. Like how a NOC is for network operations.
Taught in schools (Score:2)