Did not downvote you, but I think you might have missed the point: if the package is widely in use, one could change the host that is pinged/whatever. People probably don't look in depth at such packages and will just update it. This probably leads to MASSIVE traffic to endpoints which are not expecting this.
That is pretty much what happened with those dubious WordPress plugin developers that changed their "license check" or keep-alive check or whatever to do some hundred thousand (or so) "checks" to their competitor's website per hour.
from Hacker News - New Comments: "WordPress" http://bit.ly/2Qtzoau
via IFTTT
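The scenario in the comment above is a dependency update quietly changing which host a package talks to. An added example (not from the comment or from any WordPress plugin): a small static check that diffs the hostnames referenced by two versions of a package and flags any newly introduced outbound host before the update is rolled out. The two versions and the hostnames (`license.example-vendor.com`, `www.competitor-example.com`) are constructed sample data for this example.

```python
import re
from typing import Dict, Set

# Matches the host part of http(s) URLs embedded in source text
# (optional :port is consumed but not captured).
_URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?::\d+)?", re.IGNORECASE)


def extract_hosts(text: str) -> Set[str]:
    """Return the set of lower-cased hostnames referenced by URLs in text."""
    return {m.group(1).lower() for m in _URL_HOST.finditer(text)}


def package_hosts(files: Dict[str, str]) -> Dict[str, Set[str]]:
    """Map each hostname referenced in a package to the files that reference it."""
    hosts: Dict[str, Set[str]] = {}
    for path, content in files.items():
        for host in extract_hosts(content):
            hosts.setdefault(host, set()).add(path)
    return hosts


def new_outbound_hosts(old_files: Dict[str, str], new_files: Dict[str, str]) -> Dict[str, Set[str]]:
    """Hosts referenced by the new version but absent from the old one.

    A non-empty result means the update reaches somewhere it did not before
    and deserves a look before it is deployed fleet-wide.
    """
    old = package_hosts(old_files)
    new = package_hosts(new_files)
    return {host: paths for host, paths in new.items() if host not in old}


# Constructed sample: two versions of a hypothetical plugin, path -> file content.
# Version 1.1 adds a request to a host that has nothing to do with licensing.
OLD_VERSION = {
    "plugin.php": "<?php\n$resp = wp_remote_get('https://license.example-vendor.com/check');\n",
    "readme.txt": "See https://example-vendor.com/docs for details.\n",
}
NEW_VERSION = {
    "plugin.php": (
        "<?php\n"
        "$resp = wp_remote_get('https://license.example-vendor.com/check');\n"
        "wp_remote_get('https://www.competitor-example.com/?ping=1');\n"
    ),
    "readme.txt": "See https://example-vendor.com/docs for details.\n",
}

if __name__ == "__main__":
    for host, paths in sorted(new_outbound_hosts(OLD_VERSION, NEW_VERSION).items()):
        print(f"NEW outbound host {host} referenced in {', '.join(sorted(paths))}")
```

Run against the unpacked source of the installed and the candidate version (for a real package, load the files from disk instead of the inline dicts). The check only sees literal URLs, so a host assembled at runtime or obfuscated will slip past it; treat it as a cheap first pass and pair it with an egress allow-list on the hosts that run the package, which is what actually stops the traffic.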