this post was submitted on 10 Jul 2025
6 points (100.0% liked)

top 4 comments
[–] HumanPerson@sh.itjust.works 2 points 2 days ago (3 children)

Someone used a hammer to smash a window and steal stuff. Quick, ban hammers!!!

Getting rid of the tools to exploit vulnerabilities doesn't get rid of the vulnerabilities, and security by obscurity is not security.

[–] kristoff@infosec.pub 1 points 4 hours ago

Concerning this particular article, perhaps the vulnerability here is not the malicious software packages, but the management of these software repos.

Should it be possible to upload a package on a repo with 99% of the same name as one that already exists without some additional checks?

[–] kristoff@infosec.pub 1 points 4 hours ago

I do not mind banning hammers for the visitors of a museum, especially if there is an exhibition of art that is considered "unacceptable" by a certain group of people.

[–] me@social.jlamothe.net 2 points 2 days ago

@HumanPerson @Pro True, though we should probably do away with cursor for entirely different reasons.
youtu.be/H2S7PKWaP7c