BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//programme.europython.eu//europython-2026//speaker//TVA3T
 Q
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-europython-2026-NXNHSB@programme.europython.eu
DTSTART;TZID=CET:20260716T141500
DTEND;TZID=CET:20260716T144500
DESCRIPTION:In July 2025\, PyPI users received emails directing them to pyp
 j.org—a near-perfect clone transparently proxying requests to pypi.org. 
 Within hours\, attackers compromised four accounts and uploaded malicious 
 releases of the popular num2words package.\n\nThis talk dissects the compl
 ete attack chain: how attackers harvested email addresses from public pack
 age metadata\, built a transparent proxy that relayed TOTP codes in real-t
 ime\, and why traditional 2FA failed while WebAuthn-based authentication s
 topped the attack cold.\n\nThe session covers the incident response timeli
 ne\, challenges getting malicious infrastructure taken down (including ini
 tial rejection of abuse reports)\, and defensive measures deployed afterwa
 rd—including new email verification for TOTP logins from unrecognized de
 vices.\n\nAttendees will learn exactly how modern phishing attacks work ag
 ainst package repositories\, the critical difference between "phishable" a
 nd "phishing-resistant" 2FA\, and practical steps to protect accounts and 
 packages from the next campaign. The talk also examines the September 2025
  follow-up campaign targeting pypi-mirror.org and patterns across these on
 going attacks.
DTSTAMP:20260524T122005Z
LOCATION:Auditorium Hall (S1)
SUMMARY:Anatomy of a Phishing Campaign - Mike Fiedler
URL:https://programme.europython.eu/europython-2026/talk/NXNHSB/
END:VEVENT
END:VCALENDAR