Shakedown Social

0 posts0 participants0 posts today

Kevin Karhan :verified:<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@aral</a> <a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@EUCommission</a> <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a> <a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@letsencrypt</a> <a href="https://mastodon.social/@cacert" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cacert</a> not only that, I think we need self-governing namespaces similar to <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@torproject</a> <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnionServices</a> (even tho they are prone to <a href="https://infosec.space/tags/typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typosquatting</a>-esque <a href="https://infosec.space/tags/sibil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sibil</a>/#EvilTwin-style <a href="https://infosec.space/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> attacks!)...

0x40kAlright, Go developers, listen up! 🚨 Seriously crazy stuff is happening in the Go world right now. We're talking major typosquatting issues. Attackers are slithering in and spreading malware via fake packages, can you believe it?So, for goodness sake, pay super close attention to the names of your modules! One little typo and bam! You've got yourself a nasty infection. As a pentester, I see this kind of thing all the time, sadly. Tiny mistakes, HUGE consequences. This malware then installs a backdoor. Totally not cool, right?Therefore, check your imports, folks! And make sure you're getting your devs trained up on security. Automated scans? Nice to have, sure, but they're absolutely no substitute for a manual pentest! What are your go-to tools for fighting this kind of attack? Oh, and yeah, IT security *has* to be in the budget, that's just the way it is.<a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#golang</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typosquatting</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a>

Scripter :verified_flashing:Jetzt trifft es auch Go: Bösartiges Typosquatting im Ökosystem entdeckt | heise online <a href="https://heise.de/-10270016" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://heise.de/-10270016</a> <a href="https://social.tchncs.de/tags/Programmiersprache" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Programmiersprache</a> <a href="https://social.tchncs.de/tags/Golang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Golang</a> <a href="https://social.tchncs.de/tags/Typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Typosquatting</a> <a href="https://social.tchncs.de/tags/TyposquattingPaket" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TyposquattingPaket</a> <a href="https://social.tchncs.de/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a>

Kevin Karhan :verified:<a href="https://tiggi.es/@DeltaWye" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@DeltaWye</a> <a href="https://corteximplant.com/@SynAck" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@SynAck</a> <a href="https://pounced-on.me/@Kuniti_shino" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Kuniti_shino</a> <a href="https://mastodon.de/@ErikUden" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ErikUden</a> OFC that's the nature of most services tht are open t new users.<ul><li><a href="https://infosec.space/tags/Abuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Abuse</a> being a statistical inevitability:</li></ul><a href="https://infosec.space/tags/Shitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shitter</a> (rather <a href="https://infosec.space/tags/Teitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Teitter</a> before <a href="https://infosec.space/tags/Mus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mus</a> ruined it!) had <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#API</a> <a href="https://infosec.space/tags/RateLimiting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RateLimiting</a> to make <a href="https://infosec.space/tags/Spamming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spamming</a> less effective (255 Statuses per 24hrs) even back when <a href="https://infosec.space/tags/TweetDeck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TweetDeck</a> was a seperate company...<ul><li>Making dynamical limits that instantly lockout i.e. brand new accounts sending the same.message to 10+ others as a DM within 48 hours of registration should act as a speed-bump to <a href="https://infosec.space/tags/Spammers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Spammers</a>. </li></ul>It won't prevent it entirely but make it more cumbersome.<ul><li>Sadly <a href="https://infosec.space/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mastodon</a> <a href="https://infosec.space/tags/Developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Developers</a> <a href="https://github.com/mastodon/mastodon/issues/28605" rel="nofollow noopener noreferrer" target="_blank">refuse to acknowledge the need for efficient filtering.and ban list managment</a> that every other web-facing application / system can do using blocklist feeds.</li></ul>This prevents remediation and correction of <a href="https://infosec.space/tags/banlists" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#banlists</a> & <a href="https://infosec.space/tags/blocklists" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blocklists</a>, leaving <a href="https://github.com/greyhat-academy/lists.d/blob/95bab7b3601030e7ad57bfc0516fa91362c8fcd5/blocklists.list.tsv#L21" rel="nofollow noopener noreferrer" target="_blank">a lot if domains burned forever</a> as the only.options are "replace" and "merge" and the average <a href="https://infosec.space/tags/ActivityPub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ActivityPub</a> admin or even <a href="https://infosec.space/tags/User" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#User</a> isn't going to learn or setup a <a href="https://infosec.space/tags/git" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#git</a>!<ul><li>which is frustrating as I maintain <a href="https://github.com/greyhat-academy/lists.d/blob/main/activitypub.domains.block.list.tsv" rel="nofollow noopener noreferrer" target="_blank">multiple</a> blocklists to help cleaning up the mess.</li></ul>I.e. there isn't really a good way to combat <a href="https://infosec.space/tags/Typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Typosquatting</a>-based <a href="https://infosec.space/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> beyond <a href="https://github.com/greyhat-academy/lists.d/blob/main/typos.domains.block.list.tsv" rel="nofollow noopener noreferrer" target="_blank">banning.offending domains</a>...

Chuck DarwinA malicious Python package named '<a href="https://c.im/tags/fabrice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fabrice</a>' has been present in the Python Package Index (PyPI) since 2021, 🆘 stealing Amazon Web Services credentials from unsuspecting developers. According to application security company Socket,  ⚠️the package has been downloaded more than 37,000 times and executes platform-specific scripts for Windows and Linux. The large number of downloads is accounted by fabrice <a href="https://c.im/tags/typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typosquatting</a> the legitimate SSH remote server management package “fabric,” a very popular library with more than 200 million downloads. <a href="https://www.bleepingcomputer.com/news/security/malicious-pypi-package-with-37-000-downloads-steals-aws-keys/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/malicious-pypi-package-with-37-000-downloads-steals-aws-keys/</a>

Joachim ViideTIL that running <code>npx foo/bar</code> instead of <code>npx @foo/bar</code> downloads and executes the github.com/foo/bar repo as a package 👍Also learned that in a CI context (i.e. when environment variable <code>CI=1</code>) <code>npx</code> doesn't wait for confirmation 👍👍On a completely unrelated note, here's a neat way to typosquat some NPM packages:<ul><li>Find a legit project that recommends running their tool with <code>npx</code>. For example <a href="https://github.com/reactjs/react-docgen/tree/main/packages/react-docgen-cli" rel="nofollow noopener noreferrer" target="_blank">@react-docgen/cli</a> hosted under ReactJS's GitHub org.</li><li>Check whether the NPM scope name is available as a GitHub user/org name. For example <a href="https://github.com/react-docgen" rel="nofollow noopener noreferrer" target="_blank">react-docgen was</a>.</li><li>Create a repo that matches the tool name but contains your own code. Like <a href="https://github.com/react-docgen/cli" rel="nofollow noopener noreferrer" target="_blank">github.com/react-docgen/cli</a>.</li><li>Wait for someone to accidentally forget the @ and run <code>npx your/package</code> in a CI context.</li><li>Repeat <a href="https://github.com/semantic-ui-react/bootstrap" rel="nofollow noopener noreferrer" target="_blank">for</a> <a href="https://github.com/highlight-run/sourcemap-uploader" rel="nofollow noopener noreferrer" target="_blank">multiple</a> <a href="https://github.com/firebaseextensions/fs-bq-import-collection" rel="nofollow noopener noreferrer" target="_blank">packages</a>.</li></ul>FWIW, reported this to GitHub - that also owns NPM - through HackerOne. The response: "This is an intentional design decision and is working as expected. We may make this functionality more strict in the future, but don't have anything to announce right now. As a result, this is not eligible for reward under the Bug Bounty program."<a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://infosec.exchange/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://infosec.exchange/tags/typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typosquatting</a>

Alexandre DulaunoyThere is a GPT in ChatGPT which is typosquatting the name of Sora to do rickrolling... So there is no evaluation of new GPTs by OpenAI? <a href="https://infosec.exchange/tags/openai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openai</a> <a href="https://infosec.exchange/tags/chatgpt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#chatgpt</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typosquatting</a>

Alexandre DulaunoyFIRST.org released the videos from Montreal FIRSTCON2023 including the presentation I did about <a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@circl</a> typosquatting-finderTyposquatting finder Python library - <a href="https://github.com/typosquatter/ail-typo-squatting" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/typosquatter/ail-typo-squatting</a>Online version of the typosquatting-finder service: <a href="https://typosquatting-finder.circl.lu/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://typosquatting-finder.circl.lu/</a><a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typosquatting</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> cc <a href="https://infosec.exchange/@firstdotorg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@firstdotorg</a> Video: <a href="https://www.youtube.com/watch?v=s09VFkI4Fn0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.youtube.com/watch?v=s09VFkI4Fn0</a>

Alexandre DulaunoyWe released a new version of the typosquatting Python library 🔗 Source code - <a href="https://github.com/typosquatter/ail-typo-squatting" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/typosquatter/ail-typo-squatting</a> 🔗 Online version - <a href="https://typosquatting-finder.circl.lu/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://typosquatting-finder.circl.lu/</a>The library has been improved to remove potential TLD/gTLDs which do a catch all for any domain. A random string is queried while testing to limit potential false-positive.Another option has been added to combine algorithms together. <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/typosquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typosquatting</a> <a href="https://infosec.exchange/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#python</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Recent searches

Search options

Administered by:

Server stats:

#typosquatting