
The Solidity Language open-source package was used in a $500,000 crypto heist

4 likes

Submitted 5 weeks ago by Pro@programming.dev to cybersecurity@infosec.pub

https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/


Comments

  • HumanPerson@sh.itjust.works 5 weeks ago

    Someone used a hammer to smash a window and steal stuff. Quick, ban hammers!!!

    Getting rid of the tools to exploit vulnerabilities doesn’t get rid of the vulnerabilities, and security by obscurity is not security.

    • kristoff@infosec.pub 5 weeks ago

      Concerning this particular article, perhaps the vulnerability here is not the malicious software packages, but the management of these software repos.

      Should it be possible to upload a package on a repo with 99% of the same name as one that already exists without some additional checks?

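The check the comment above asks for, as an added example that is not part of the thread or of the linked article: a registry-side gate that compares a proposed package name against names already published and rejects near-duplicates. The list of existing names, the confusable-character table and the thresholds are constructed assumptions; a real registry would tune them against its own namespace.

```python
"""Added example (not from the thread or the article): a registry-side
near-duplicate name check of the kind the comment above asks about."""
import difflib
import re

# Constructed sample of names already in the registry (hypothetical).
EXISTING = ["solidity", "hardhat", "ethers", "web3", "openzeppelin-contracts"]

# Characters commonly swapped for look-alikes in squatted names (assumption).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize(name: str) -> str:
    """Lower-case, fold confusable digits to letters and drop separators,
    so 'S0lidity' and 'solidity_' both collapse to 'solidity'."""
    return re.sub(r"[-_.]", "", name.lower().translate(CONFUSABLES))


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute, each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_new_name(candidate, existing=EXISTING, max_distance=1, ratio=0.9):
    """Return a list of (existing_name, reason) collisions for a proposed
    name. An empty list means the name may be published without review."""
    hits = []
    norm_c = normalize(candidate)
    for name in existing:
        if name == candidate:
            hits.append((name, "exact"))
            continue
        norm_e = normalize(name)
        if norm_c == norm_e:
            hits.append((name, "same after normalization"))
        elif levenshtein(norm_c, norm_e) <= max_distance:
            hits.append((name, "edit distance <= %d" % max_distance))
        elif difflib.SequenceMatcher(None, norm_c, norm_e).ratio() >= ratio:
            hits.append((name, "similarity ratio >= %.2f" % ratio))
    return hits


if __name__ == "__main__":
    for proposed in ["solidlty", "S0lidity", "openzeppelin-contract", "hardhat-plugin-foo"]:
        print(proposed, "->", check_new_name(proposed) or "ok")
```

A hit should route the upload to manual review or block it outright rather than silently accept it; the thresholds trade false positives (legitimate plugins named after a parent project) against missed one-character squats, which is why the edit-distance rule and the ratio rule are kept separate and both tunable.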
    • me@social.jlamothe.net 5 weeks ago
      @HumanPerson @Pro True, though we should probably do away with cursor for entirely different reasons.
      youtu.be/H2S7PKWaP7c
    • kristoff@infosec.pub 5 weeks ago

      I do not mind banning hammers for the visitors of a museum, especially if there is an exhibition of art that is considered “unacceptable” by a certain group of people.
