Content
@
https://warpcast.com/~/channel/security
0 reply
0 recast
0 reaction
Paul Berg
@prberg
How big is the security risk if a VSCode extension gets compromised? And is there anything we can do to mitigate the potential risk?
4 replies
0 recast
22 reactions
Juliuss
@julius-eth-dev
hmm I wonder if cursor can be set up to analyze extensions for compromises/malicious code.
1 reply
0 recast
2 reactions
Dean Pierce 👨💻🌎🌍
@deanpierce.eth
You can try, but it's mostly a losing battle. You can verify the supply chain, but if a trusted publisher is compromised, judging the intent of a piece of code is basically impossible. You can tell if it's funny looking, or heavily obfuscated, but if you want to catch the bad stuff it's also going to catch many false positives.
1 reply
0 recast
1 reaction
Juliuss
@julius-eth-dev
fair enough. I guess it will be a never ending battle. However, a friend of mine has actually been studying technical interview scams on linkedIn and 90% of the time its the same kind of malicious technique (he built a tool to detect them). So I would imagine a pattern will emerge here too. It would be the newest ones we have to watch out for.
1 reply
0 recast
2 reactions
Dean Pierce 👨💻🌎🌍
@deanpierce.eth
Attackers don't bother switching up techniques when the technique keeps working 😁 Yes, attacks are easy to classify in hindsight, but when things stop working, attackers are quick to switch up their techniques, and they basically have unlimited options for doing so.
0 reply
0 recast
1 reaction
