In August 2017 a typosquatting attack was discovered in the popular code repository npm. For two weeks nobody noticed as hackers tricked users into installing malicious packages that exfiltrated developer’s credentials. In this talk I’ll describe the attack in detail and show how I used some of the awesome features of the F# language to hunt for other attacks.
Seperation of concerns is a practice we all apply to our code, but can get lost when we implement our devops processes. This session describes some of these concerns, how they can get mixed up and some technologies to help prise them apart.