Rendered at 17:01:57 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
zbentley 14 hours ago [-]
This is a very good writeup.
Zooming way out (perhaps to the point of useless observation), it's a pity that the web embedded VSCode editor is signed into GitHub at all. Defense-in-depth or not, a huge vulnerability surface arises from that original sin. It'd be like if you had a god-permissioned GitHub API token stored in world-readable plaintext on your workstation for the malicious-NPM-package-of-the-week to find.
In a perfect world, it'd be awesome if the in-browser IDE launched with a temporary per-repo permission scope or token that allowed only pull and push to the repo in question; no github.com web session whatsoever. If you want the full GitHub web UI experience, well .... go back to github.com; make github.dev a single-repo service.
I'm assuming that's a) inconvenient for users, b) hard to implement, and c) a historical assumption baked into a lot of the github.dev tooling, though. Ah well.
ammar2 13 hours ago [-]
> it'd be awesome if the in-browser IDE launched with a temporary per-repo permission scope
That's actually exactly what they do for codespaces. The token only has read/write on the repo you activated for the codespace [1]. They should definitely consider doing that for github.dev as well.
Or they could’ve kept their bounty program running smoothly. But instead they pissed off another security researcher and received a zero days heads-up before public disclosure.
maxloh 6 hours ago [-]
I think the problem lies in the fundamental design of VS Code extensions in general. They are essentially Node.js apps with full access to built-in modules, including fs. If the corresponding VS Code instance is launched with your user privileges, extensions can technically read files in ~/.ssh.
It is not safe in the sense that for every extension you install, you are essentially installing a new Node.js app with all its bundled dependencies. Even if you trust the publisher, I am sure there are many holes to exploit.
zbentley 2 hours ago [-]
My comment had more to do with the in-browser VS Code instance. Regardless of the extension security model, having the github.dev webapp run under your full github.com account's permissions significantly expands the attack surface: if you launch github.dev in one repo and install a malicious extension, that extension can reach and compromise all repos your GitHub user can reach, private or public. Scoping it to one repo would only allow a malicious extension to write code in that repo and not mess with the GitHub API or other repos.
Separately, I think the debate around extensions/plugins in general boils down to the same conversation about trust and isolation we have for every third-party software supplier (package managers etc.).
Options include:
1. Vetting/blessing certain extensions.
2. Serving built extensions from a central registry/artifact store with security protections
3. Having VSCode organically grow a shitty version of different operating systems' "X wants to access Y; confirm?" permissions access system (a pain in the ass to do in a cross-platform way).
4. Having VSCode somehow run extensions as separate applications according to the OS and leveraging the OS's permission system (still hard, and because it's an IDE, rather a lot of extensions will need--or request because of sloppy extension code--very broad permissions, at which point an extension is one transitive dependency update away from compromising your system).
5. Running the entire VSCode instance in some sort of container/VM/sandbox (the amount of access holes folks poke in the Snap/Flatpak VSCode instances, and the number of common issues for which "stop using the container and install VSCode directly on the system" is the recommended fix does not give me hope that this will be adopted by anyone but the most expert, patient, and paranoid users).
zmysysz 5 hours ago [-]
[flagged]
ffemac 9 hours ago [-]
> malicious-NPM-package-of-the-week
This is going to get worse and worse. I recently noticed AI harness (e.g. OpenCode) downloading random npm packages in the background and litter them everywhere in a few place in ~ and in your project dir, all without telling/asking you.
What's worse is that people don't seem to care even the devs.
himata4113 4 hours ago [-]
You typically don't want to run opencode outside a sandbox anyway.
ffemac 3 hours ago [-]
True, but security breach inside a sandbox/container can cause serious damage too(stealing your code/data/keys, spreading via your code/release etc). And containers aren't for security anyway(e.g. Copy Fail breaching to host https://xint.io/blog/copy-fail-pod-to-host)
himata4113 37 minutes ago [-]
It's rare that both of those align and it is very unlikely that both are used at once. Most of the exploits (if not all) just install rce, rat and/or steal env.
lifis 9 hours ago [-]
I think it's ok to be signed-in when opening your own repositories, but definitely not when opening repositories from other accounts. And also the webview keyboard shortcut thing needs to be fixed to only allow harmless keybinds and NOT propagate to any keydown handler. Also on desktop it should be removed in favor of Electron intercepting directly. And on web it should probably disabled by the default.
amluto 13 hours ago [-]
> temporary per-repo permission scope or token that allowed only pull and push to the repo in question
How about pull from the repo but only push to a staging area from which the user, but not the token, can push for real?
Frankly, LLM agents should do this too. Letting your LLM push seems foolhardy to me.
lifis 9 hours ago [-]
You can just fork the repository, give it access to the fork and then merge what you want
amluto 3 hours ago [-]
This is a piece of cake using GitHub’s excellent permission system.
(I’m joking, of course. Service accounts are nowhere to be seen. OAuth can’t even scope to an organization, let alone a repository. And this whole github.dev thing illustrates that you don’t even need to explicitly grant permission to issue broadly scoped tokens.)
Also, forking is pretty heavyweight just to launch something that, for all anyone knows before starting actual work, is being used as a read only viewer.
3 hours ago [-]
namibj 11 hours ago [-]
Jules is heavily restricted in what it can do to your repos.
alostpuppy 11 hours ago [-]
Exe.dev has an integrations feature which is similar allowing you to grant access to specific repos without having give the VMs credentials. I think it’s a similar pattern to iron.sh.
I have been thinking more and more about how I might use this pattern.
moi2388 11 hours ago [-]
That makes so much more sense.
hju22_-3 7 hours ago [-]
You can use SSH keys and GitHub deploy keys to approximate this. Can't speak for the security of it, but I have never set up GitHub with access to every repo. Not sure if there exists approximate functionality in other git forges though.
zbentley 6 hours ago [-]
How does this work with the in-browser editor at github.dev?
owl57 14 hours ago [-]
If the malicious-npm-package-of-the-week is reading arbitrary files on your workstation, isn't it usually able to run git clone/push/whatever with your current credentials anyway?
digi59404 13 hours ago [-]
Yes, but also no. For example in GitLab a user who’s infected could push code to a branch. Then it could even make a merge request to pull that branch into main (if main is protected).
But then someone else on the team should have to manually approve that MR to allow it to be merged to main.
This kind of defeats the ability of malware to push stuff out automatically.
ikiris 12 hours ago [-]
Not if they're touch required in a secure enclave like a yubikey
ammar2 4 hours ago [-]
Update as of 3rd June: Microsoft has fixed this with a stopgap fix by adding a confirmation when opening notebooks in web VSCode and not allowing trusted publisher to be skipped by commands (https://github.com/microsoft/vscode/pull/319705).
That's probably one of the fastest responses I've seen from a vendor.
NagatoYuzuru 14 hours ago [-]
> the last time I interacted with MSRC regarding reporting a VSCode bug, it was a horrible experience where they silently fixed the bug
Classic MSRC. It has figured out that researchers will report for free regardless. Why change?
guessmyname 13 hours ago [-]
MSRC doesn’t fix bugs.
I don’t know the specifics of this case, but I’ve managed bug bounty programs in the past through Bountysource and HackerOne. One thing that occasionally happens is that a report makes its way to the development team before the security team has fully assessed it, in this case MSRC.
At that point, a developer may decide to quietly fix the issue. Sometimes that’s driven by a concern, rational or not, that being associated with a security bug could reflect poorly on them or affect future promotion opportunities. The result is that by the time the security team attempts to reproduce the report, the vulnerability is already gone.
From MSRC’s perspective, all they see is that the provided reproduction steps no longer work. They have no visibility into the internal history of the bug or whether someone already patched it. As a result, the report gets closed as invalid even though the original finding may have been legitimate.
anonbanana 12 hours ago [-]
That makes sense but doesn't excuse the behavior. Just because there is poor communication within Microsoft doesn't make it okay to silently patch a vulnerability. Also, looking at the timeline on OP's post from 2023 it seems they patched it and closed the bug on the same day which is a little sus .
theguidessuck 9 hours ago [-]
> They have no visibility into the internal history of the bug or whether someone already patched it.
Aww man, if only they owned some sort of platform for tracking those, powered by some sort of program. Doesn't even have to be a smart problem, it can be, succintly, shortly, stupid. If only.
peterkelly 10 hours ago [-]
If only there were some kind of system for recording the version history and viewing what changes had been made to the code between releases.
hilariously 4 hours ago [-]
Your post reads like "This doesn't happen, except when it happens and the person has no recourse and it does in fact happen." - why make the post at all? If your internal workings fuck over someone externally prepare for your department to take the blame even if its "not your fault" - you work at the company that just fucked them over.
moi2388 11 hours ago [-]
Nonsense. As if there are no versions for their software releases.
This is laziness, security absolutely could verify these steps.
IcyWindows 2 hours ago [-]
Sure, given infinite time, they could diligently try to reproduce every bug across every version of any given product or open source library from a team at Microsoft.
However, if you have 1000s of reports a day, many of them vague with the person hoping it's close enough to a real issue to get paid, it makes sense to me personally that one needs prioritize active issues over tracking down when other issues were fixed.
natpalmer1776 13 hours ago [-]
It was the status quo for a long time, then the pesky security researchers started asking for compensation instead of clout.
ammar2 13 hours ago [-]
> instead of clout
I'm catching up on the infosec twitter side but it seems like it was even worse. A lot of people have the same story as me in 2023 of "they silently patch the bug and don't even credit you" which really stinks.
natpalmer1776 13 hours ago [-]
It definitely reminds me of the stereotypes of big business types stepping on the little guys to climb the ladder.
I hope you get credit where credit is due in future endeavors.
opello 13 hours ago [-]
Do it for the exposure! Artists of many stripes have had to combat that for ages.
Noumenon72 14 hours ago [-]
Thank you for essentially donating the time you spent on this exploit to raise awareness on improving VS Code's security response. You could have just given up on them but you're still trying to help.
ammar2 13 hours ago [-]
Thank you, that's a very kind comment.
I have no interest in selling these vulnerabilities or sitting on them. At the same time, it feels really bad to have a vendor disrespect the hours it can take to make a proof-of-concept by just patching it silently and not crediting you or acknowledging it.
zuzululu 12 hours ago [-]
I had this happen to me recently
github token got stolen and also cloudflare tokens
guys even if you take security seriously you are going to get hit on a long enough time frame
best thing to do is segregate and control damage
trust no one, nothing, use orbstack, and always operate under the assumption that your token is going to get leaked at some point
it knocked off my entire momentum. fortunately seemed like it was just a spam bot that took my tokens and created bunch of fake spam pages and trying to mine crypto
the biggest feeling is the one of feeling violated
take care fellow travelers
rbobby 1 hours ago [-]
> best thing to do is segregate and control damage
I first encountered that concept with a client that put every webapp in it's own virtual server and expected the vm to get compromised at some point. Seemed like a very sensible idea 15 years ago.
zuzululu 21 minutes ago [-]
my point was to limit access to tokens, segregate with different accounts for different apps, different computers or ISP if need be.
wall it off and dont trust VMs either. if you have something of value they can escape it.
pjot 11 hours ago [-]
> created bunch of fake spam pages and trying to mine crypto
Pages like GitHub pages? We’re repos being created in your account? Curious how you discovered that your tokens were pwned
zuzululu 11 hours ago [-]
repos created, cloudflare eployed thee websites, edited dns
saw a weird spam site, so damn tired went to bed thinking it was some mislick on my side
woke up next morning and loaded up my domain, it redirected and panic set in
my SEO is probably nuked even though it has been under 24 hours
worldsavior 9 hours ago [-]
Secret ad to orbstack.
zuzululu 29 minutes ago [-]
first time I mentioned it on here and no it won't be enough but better than running npms from wild naked
just pointing out what I use currently if you know something better/competitor please feel free to advertise them
AgentReinAi 9 hours ago [-]
The attack surface that makes this particularly nasty is that VSCode extensions run with the same trust level as the editor itself, and most developers have dozens installed without reviewing their permissions. A malicious or compromised extension silently exfiltrating GitHub tokens is undetectable without network monitoring. This is a good argument for running extensions in isolated profiles.
crimsonnoodle58 9 hours ago [-]
> is undetectable without network monitoring
Even with network monitoring, exfil to Github itself can be very hard to stop unless you SSL intercept and have very strict URL allow lists.
Best is to move away from Github, move to self hosted internal Gitlab/Forgejo and block Github completely.
EMM_386 4 hours ago [-]
This is an excellent and very interesting write-up.
It's so refreshing to read technical articles that are clearly written by a knowledgeable human and explained perfectly like this. By walking the reader through this with the example screenshots it unfolds and gets more interesting as you continue reading.
It's also strange to realize that these days, most articles are not like this.
ammar2 18 minutes ago [-]
heh, a friend actually pointed out a typo on a first draft and said "maybe you shouldn't fix it to show it's not LLM written".
sandeepkd 57 minutes ago [-]
The more I think about it, I feel sad about this state of things. More than likely chances are that there are people in Github who already knew about this behavior, unfortunately raising issues can be seen as introducing more friction to product/feature and it certainly does not puts anyone in good light so they either kept quiet or the more vocal voices drowned them.
meszmate 10 hours ago [-]
I don’t really understand why more devs don’t try Neovim.
Maybe it’s just my preference, but I like having a small setup where I know what is installed and what is running. With VSCode, browser IDEs, extensions, sync, tokens, and random plugins, it gets hard to tell what actually has access to what.
ulimn 9 hours ago [-]
I really like Helix. I didn't dig into Neovim much but Helix has pretty nice IDE-like features that I always missed from vim (without riddling it with plugins or using SpaceVim or such). Check it out, maybe you'll like it as well.
strogonoff 9 hours ago [-]
I stopped using VS Code and switched to Neovim some years ago, once I noticed that the former would automatically install random Python packages with typings for libraries without stock typings. The “feature” (part of Microsoft’s official Python extension, which was the only one that worked acceptably well for me in other regards) ended up installing type definitions for a different version of a library than the one my project would use, seemed wildly insecure as it casually ran third-party unvetted code, and was evidently not configurable.
I wish I could add “and I never looked back”, but honestly in the past year or two Neovim started regularly breaking my setup (approximately every upgrade). Had some inklings it might happen eventually… Strictly speaking, 10 years in, nvim is yet to have its first stable version released—which means technically one can’t blame it for instability, but which is useful to keep in mind.
Considering going back to plain vim. I’m sure I will lose many niceties, but hopefully it would not require me to troubleshoot broken functionality in the middle of work.
mplanchard 5 hours ago [-]
Emacs with vim bindings (evil mode) is also pretty great, and about as stable as it gets. I’ve been all-in for I think 6 or 7 years now. I just the other day installed a little package for tyographic quotes that hadn’t been updated in 16 years (!!), and it worked great.
Depending on what third party packages you use, you may sometimes get breakage there, but if you start out with a kit like doom emacs, you’ll be largely insulated from that.
There’s also always newer stuff like zed, which looks pretty great and is very snappy in my limited testing.
shinycode 9 hours ago [-]
I noticed that is quite hard to make people change habits regarding software. There is shortcuts to learn and we might feel slow at first which reinforces the feeling of « it’s not better ». It takes a while to get used to nvim, once there it’s faster but that explain why many people stay in their confort zone
okayishdefaults 9 hours ago [-]
One of the most important things I've ever read as someone that wants to be able to break out of my comfort zone was from Uiua's website. Foreign != confusing
pier25 14 hours ago [-]
The MSRC situation is really unbelievable.
There are probably better sources but I think this video by The Primeagen is a good introduction.
Very good write up but I lost it a little at the end. Could someone clarify for me?
The author said:
You cannot just use the shortcut trick to install the evil extension directly because of new publisher trust system;
You can bypass this by using local workspace extensions which has no publisher screening, but CSP blocks it;
The solution seems to be that installing a local workspace extension which binds a shortcut of 'install extension without checking publisher'.
So I assume it means:
1. you need two extensions, 1st one is local and only for the keybinding, and 2nd one is the 'real' evil one and it doesn't need to (actually can't, because of CSP) be local anymore?
2. the CSP only prevents the JS in local extension but nothing about its package.json (or the ability to add shortcuts), right?
We can try to just put a `my-extension/extension.js` for the most direct execution but the CSP blocks that. It's only a script-src CSP blocking it though, so fetching the package.json is still kosher. So we end up using it to contribute a keybinding instead.
parable 10 hours ago [-]
Kudos for the public disclosure. Too many people haven't been happy with MSRC and it's starting to boil over (see the Nightmare Eclipse situation, too). Maybe all of these disclosures will cause them to do some introspection and realize they're the problem. I highly doubt that, but one can dream.
nicce 9 hours ago [-]
I am not sure if this is still the best approach. They did not even try to submit based on expected "low" ranking when comparing to existing XSS submission. They should at least try or let them know many days before disclosing. You never know.
ammar2 1 hours ago [-]
It's not just based on that, if you read the linked report from 2023 (https://blog.ammaraskar.com/vscode-rce/), I had a bug with the exact same impact of token exfiltration (It did need one additional click on the VSCode interface). They marked it as low severity, fixed it silently, didn't acknowledge that it had security impact and did not provide me any credit much less a bounty.
jeremyjh 5 hours ago [-]
Its not just one issue they mishandled. It is a pattern. I think this makes sense if you believe long-term security requires leadership change at MSRC.
I understand that there's frustration with MSRC, but surely the right move is to keep doing things right to the best of your abilities.
Like, disclose it, wait a week, publish it. That seems, to me, like it would avoid almost all the bad press this is getting, and shows that the researcher DOES care about actual security and not just recognition from MSFT.
insanitybit 3 hours ago [-]
It's up to the researcher to make the call. Maybe they feel that it's best to disclose to bring attention to the MSRC problem - arguably, that'll be massively better for security longer term vs a point in time vuln disclosure.
NoahZuniga 7 hours ago [-]
> The only way to allow this behavior is to have the two web pages in the different origins cooperate with each other using the Window.postMessage() API
Small nitpick, but it's also possible to communicate by changing the location.anchor property (by either the iframe or its parent window.)
warm_soup 2 hours ago [-]
Excellent write up explaining all the steps with screenshots. It must have taken significant time to do this POC.
october8140 13 hours ago [-]
If you like VSCode but don't like Microsoft, try Zed (zed.dev).
arianvanp 10 hours ago [-]
Zed downloads random binaries on startup without any permissions prompts. No thanks.
ffemac 9 hours ago [-]
I looked into Zed because popular harness (OpenCode/KiloCode) just random downloads npm packages in the background and didn't tell you. But then I found out reports of Zed doing the same. Why we can't have nice things?
Quothling 11 hours ago [-]
I heard that Zed came with a lot of integrated AI and team sharing features that phone home, so that's an issue for anyone working with stuff like NIS2 compliance. Not that VSCode isn't a compliance nightmare as well.
throwaway041207 7 hours ago [-]
Zed is nice, but the project wide search (sidebar based) in VS Code and diff viewer in VS Code are still better IMO and unfortunately since I no longer code, those are my most used features of an editor. Still using it instead of VS Code but I sure wish it improved those views.
karimf 5 hours ago [-]
I've been using Zed for a few weeks now and these two are also my main complaints as well.
ZeroCool2u 13 hours ago [-]
Zed is excellent. I know it's weird, but the last thing holding me back is being able to have a browser based Zed session the same as VSCode.
dddw 11 hours ago [-]
If you like vs. but not M$. Use VsCodium. I did, but now preffer zed, which replaced my use of vscodium and sublimetext in 1 swoop.
jonnyysmith 6 hours ago [-]
GitHub does not currently provide a built-in repository setting to disable github.dev
Very cool.
antimony51 12 hours ago [-]
> if you had some other XSS in a webview that you can get a victim to open, you get effectively full RCE on their computer.
Github creds or the computer, can't decide which one is worse.
ThanosAkr 10 hours ago [-]
I am a bit confused. What if I just revoked OAuth access to github.dev? Wouldn't that just make the token unusable?
ammar2 4 hours ago [-]
You cannot, it doesn't go through the regular OAuth flow. GitHub just automatically grants it a token.
JessieJanie 8 hours ago [-]
Thank you for all your efforts and detail here, noted.
imron 9 hours ago [-]
I love vanilla vim.
Webhix 7 hours ago [-]
This is a very good writeup.
fg137 14 hours ago [-]
> To those folks, I am sorry, but this is one of the few levers I have to try to influence MSRC and the security posture of VSCode
Someone is going to be blacklisted by Microsoft.
theguidessuck 9 hours ago [-]
Damn, what a disaster. Then they won't allow him to tell them about the bugs they don't take seriously.
ares623 12 hours ago [-]
"Oh great Mythos, how do I remove all vulnerabilities from my products?"
Percolating...
Ban all vulnerability researchers
NagatoYuzuru 14 hours ago [-]
[flagged]
selectively 11 hours ago [-]
Very unethical behavior combined by very bad security posture from the vendor. Bad.
delis-thumbs-7e 7 hours ago [-]
Ok, I really need to look into Kate and maybe Neovim. Fuck this shit, honestly.
outageroom 6 hours ago [-]
[dead]
volume_tech 4 hours ago [-]
[dead]
Asfand3099 9 hours ago [-]
[dead]
lavaman131 11 hours ago [-]
[dead]
assanineass 4 hours ago [-]
[dead]
vladsiu 13 hours ago [-]
[dead]
devmanjoe 7 hours ago [-]
[flagged]
1519035161 10 hours ago [-]
[dead]
omelas_tech 10 hours ago [-]
tl;dr: never press github.dev or open vscode.dev on a repo you don't trust
minitech 7 hours ago [-]
and don’t open links like https://tinyurl.com/2s3twstw either, or any other page on the internet that’s able to redirect you to github.dev
simonw 6 hours ago [-]
That's a hard rule to follow when any website on the internet might redirect a browser tab to a URL on one of those domains.
Zooming way out (perhaps to the point of useless observation), it's a pity that the web embedded VSCode editor is signed into GitHub at all. Defense-in-depth or not, a huge vulnerability surface arises from that original sin. It'd be like if you had a god-permissioned GitHub API token stored in world-readable plaintext on your workstation for the malicious-NPM-package-of-the-week to find.
In a perfect world, it'd be awesome if the in-browser IDE launched with a temporary per-repo permission scope or token that allowed only pull and push to the repo in question; no github.com web session whatsoever. If you want the full GitHub web UI experience, well .... go back to github.com; make github.dev a single-repo service.
I'm assuming that's a) inconvenient for users, b) hard to implement, and c) a historical assumption baked into a lot of the github.dev tooling, though. Ah well.
That's actually exactly what they do for codespaces. The token only has read/write on the repo you activated for the codespace [1]. They should definitely consider doing that for github.dev as well.
[1] https://orca.security/resources/blog/hacking-github-codespac...
It is not safe in the sense that for every extension you install, you are essentially installing a new Node.js app with all its bundled dependencies. Even if you trust the publisher, I am sure there are many holes to exploit.
Separately, I think the debate around extensions/plugins in general boils down to the same conversation about trust and isolation we have for every third-party software supplier (package managers etc.).
Options include:
1. Vetting/blessing certain extensions.
2. Serving built extensions from a central registry/artifact store with security protections
3. Having VSCode organically grow a shitty version of different operating systems' "X wants to access Y; confirm?" permissions access system (a pain in the ass to do in a cross-platform way).
4. Having VSCode somehow run extensions as separate applications according to the OS and leveraging the OS's permission system (still hard, and because it's an IDE, rather a lot of extensions will need--or request because of sloppy extension code--very broad permissions, at which point an extension is one transitive dependency update away from compromising your system).
5. Running the entire VSCode instance in some sort of container/VM/sandbox (the amount of access holes folks poke in the Snap/Flatpak VSCode instances, and the number of common issues for which "stop using the container and install VSCode directly on the system" is the recommended fix does not give me hope that this will be adopted by anyone but the most expert, patient, and paranoid users).
This is going to get worse and worse. I recently noticed AI harness (e.g. OpenCode) downloading random npm packages in the background and litter them everywhere in a few place in ~ and in your project dir, all without telling/asking you.
What's worse is that people don't seem to care even the devs.
How about pull from the repo but only push to a staging area from which the user, but not the token, can push for real?
Frankly, LLM agents should do this too. Letting your LLM push seems foolhardy to me.
(I’m joking, of course. Service accounts are nowhere to be seen. OAuth can’t even scope to an organization, let alone a repository. And this whole github.dev thing illustrates that you don’t even need to explicitly grant permission to issue broadly scoped tokens.)
Also, forking is pretty heavyweight just to launch something that, for all anyone knows before starting actual work, is being used as a read only viewer.
I have been thinking more and more about how I might use this pattern.
But then someone else on the team should have to manually approve that MR to allow it to be merged to main.
This kind of defeats the ability of malware to push stuff out automatically.
That's probably one of the fastest responses I've seen from a vendor.
Classic MSRC. It has figured out that researchers will report for free regardless. Why change?
I don’t know the specifics of this case, but I’ve managed bug bounty programs in the past through Bountysource and HackerOne. One thing that occasionally happens is that a report makes its way to the development team before the security team has fully assessed it, in this case MSRC.
At that point, a developer may decide to quietly fix the issue. Sometimes that’s driven by a concern, rational or not, that being associated with a security bug could reflect poorly on them or affect future promotion opportunities. The result is that by the time the security team attempts to reproduce the report, the vulnerability is already gone.
From MSRC’s perspective, all they see is that the provided reproduction steps no longer work. They have no visibility into the internal history of the bug or whether someone already patched it. As a result, the report gets closed as invalid even though the original finding may have been legitimate.
Aww man, if only they owned some sort of platform for tracking those, powered by some sort of program. Doesn't even have to be a smart problem, it can be, succintly, shortly, stupid. If only.
This is laziness, security absolutely could verify these steps.
However, if you have 1000s of reports a day, many of them vague with the person hoping it's close enough to a real issue to get paid, it makes sense to me personally that one needs prioritize active issues over tracking down when other issues were fixed.
I'm catching up on the infosec twitter side but it seems like it was even worse. A lot of people have the same story as me in 2023 of "they silently patch the bug and don't even credit you" which really stinks.
I hope you get credit where credit is due in future endeavors.
I have no interest in selling these vulnerabilities or sitting on them. At the same time, it feels really bad to have a vendor disrespect the hours it can take to make a proof-of-concept by just patching it silently and not crediting you or acknowledging it.
github token got stolen and also cloudflare tokens
guys even if you take security seriously you are going to get hit on a long enough time frame
best thing to do is segregate and control damage
trust no one, nothing, use orbstack, and always operate under the assumption that your token is going to get leaked at some point
it knocked off my entire momentum. fortunately seemed like it was just a spam bot that took my tokens and created bunch of fake spam pages and trying to mine crypto
the biggest feeling is the one of feeling violated
take care fellow travelers
I first encountered that concept with a client that put every webapp in it's own virtual server and expected the vm to get compromised at some point. Seemed like a very sensible idea 15 years ago.
wall it off and dont trust VMs either. if you have something of value they can escape it.
saw a weird spam site, so damn tired went to bed thinking it was some mislick on my side
woke up next morning and loaded up my domain, it redirected and panic set in
my SEO is probably nuked even though it has been under 24 hours
just pointing out what I use currently if you know something better/competitor please feel free to advertise them
Even with network monitoring, exfil to Github itself can be very hard to stop unless you SSL intercept and have very strict URL allow lists.
Best is to move away from Github, move to self hosted internal Gitlab/Forgejo and block Github completely.
It's so refreshing to read technical articles that are clearly written by a knowledgeable human and explained perfectly like this. By walking the reader through this with the example screenshots it unfolds and gets more interesting as you continue reading.
It's also strange to realize that these days, most articles are not like this.
Maybe it’s just my preference, but I like having a small setup where I know what is installed and what is running. With VSCode, browser IDEs, extensions, sync, tokens, and random plugins, it gets hard to tell what actually has access to what.
I wish I could add “and I never looked back”, but honestly in the past year or two Neovim started regularly breaking my setup (approximately every upgrade). Had some inklings it might happen eventually… Strictly speaking, 10 years in, nvim is yet to have its first stable version released—which means technically one can’t blame it for instability, but which is useful to keep in mind.
Considering going back to plain vim. I’m sure I will lose many niceties, but hopefully it would not require me to troubleshoot broken functionality in the middle of work.
Depending on what third party packages you use, you may sometimes get breakage there, but if you start out with a kit like doom emacs, you’ll be largely insulated from that.
There’s also always newer stuff like zed, which looks pretty great and is very snappy in my limited testing.
There are probably better sources but I think this video by The Primeagen is a good introduction.
https://www.youtube.com/watch?v=9kxx5xp5nTQ
The author said:
You cannot just use the shortcut trick to install the evil extension directly because of new publisher trust system;
You can bypass this by using local workspace extensions which has no publisher screening, but CSP blocks it;
The solution seems to be that installing a local workspace extension which binds a shortcut of 'install extension without checking publisher'.
So I assume it means:
1. you need two extensions, 1st one is local and only for the keybinding, and 2nd one is the 'real' evil one and it doesn't need to (actually can't, because of CSP) be local anymore?
2. the CSP only prevents the JS in local extension but nothing about its package.json (or the ability to add shortcuts), right?
We can try to just put a `my-extension/extension.js` for the most direct execution but the CSP blocks that. It's only a script-src CSP blocking it though, so fetching the package.json is still kosher. So we end up using it to contribute a keybinding instead.
https://doublepulsar.com/microsofts-stance-on-zero-day-explo...
Like, disclose it, wait a week, publish it. That seems, to me, like it would avoid almost all the bad press this is getting, and shows that the researcher DOES care about actual security and not just recognition from MSFT.
Small nitpick, but it's also possible to communicate by changing the location.anchor property (by either the iframe or its parent window.)
Very cool.
Github creds or the computer, can't decide which one is worse.
Someone is going to be blacklisted by Microsoft.
Percolating...
Ban all vulnerability researchers