Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Ars Technica (arstechnica@mastodon.social)'s status on Tuesday, 05-Nov-2024 18:13:38 JST Ars Technica

JavaScript developers targeted by hundreds of malicious code libraries
These are not the the developer tools you think they are.
https://arstechnica.com/security/2024/11/javascript-developers-targeted-by-hundreds-of-malicious-code-libraries/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
In conversation about 17 days ago from mastodon.social permalink
Attachments
1. Untitled attachment
  https://files.mastodon.social/media_attachments/files/113/427/282/612/360/949/original/43b3125f7ef633f1.jpg
2. Domain not in remote thumbnail source whitelist: cdn.arstechnica.net
  
  Hundreds of code libraries posted to NPM try to install malware on dev machines
  
  These are not the the developer tools you think they are.
- Charlie Stross and Xenotar repeated this.
- Embed this notice
  JohnMashey (johnmashey@mstdn.social)'s status on Tuesday, 05-Nov-2024 18:13:38 JST JohnMashey
  in reply to
  
  @arstechnica
  Reminder of Ken Thompson’s 1984 Turing lecture, Reflections in Trusting Trust, about a1975 hack:
  https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
  It’s even more relevant now given the greatly-increased layers of software used by programmers.
  Tidbit: AFAIK, out group was the only one to notice this hack, which occurred a few weeks after I’d read John Brunner’s The Shockwave Rider & laughed prematurely at idea of worms with infinitely-replicating tails.
  In conversation about 17 days ago permalink
  Attachments
  1. Untitled attachment

Public

Conversation

Notices

Feeds