Alex CoventryJan 1, 2023

Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.

Steals all your SSH keys!

"If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022)."

#infosec #machinelearning #deeplearning

https://pytorch.org/blog/compromised-nightly-dependency/

https://news.ycombinator.com/item?id=34202836

Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022. – PyTorch

Show threadAdrian MaceJan 1, 2023
@alx jokes on them; I don’t have any SSH keys! https://github.com/maxgoedjen/secretive
GitHub - maxgoedjen/secretive: Protect your SSH keys with your Mac's Secure Enclave

Protect your SSH keys with your Mac's Secure Enclave - maxgoedjen/secretive

GitHub
Show threadfuomag9
@adrian @alx this is amazing! 
Jan 1, 2023 at 11:49amWeb