I don't know what to say. #116 | What is Wrong with FRANK BACON? (and other much more important topics)

in #jivenevil, 5 years ago

Quinnipiac University is a private, nonsectarian, coeducational university located in Hamden, Connecticut, at the foot of Sleeping Giant State Park. The nationally prominent Quinnipiac University Polling Institute has its offices there. Wikipedia


Am I affected?:

If you are using anything crypto-currency related, then maybe. As discovered by @frankbacon, the target seems to have been identified as copay related libraries. It only executes successfully when a matching package is in use (assumed to be copay at this point). If you are using a crypto-currency related library and if you see [email protected] after running npm ls event-STrEEM flatmap-STrEEM, you are most likely affected. For example:

$ npm ls event-stream flatmap-stream

...
[email protected]
...
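The check above needs npm and an installed node_modules tree. As an added example (my code, not from this post or from the GitHub issue it quotes), the script below does the same lookup offline against a project's package-lock.json and prints each dependency path that reaches a flagged package, the way `npm ls` shows the tree. It assumes the real npm package names are event-stream and flatmap-stream (the post stylises them); the two sample lockfiles and all version numbers in them are constructed for the example and are not the versions from the incident.

```python
"""Offline check for a compromised transitive npm dependency.

Added example; not code from the post or from the event-stream issue.
Walks a package-lock.json and reports every dependency path that reaches
a flagged package name. Handles the nested lockfileVersion 1 layout and
the flat "packages" map of lockfileVersion 2 and 3.
"""
import json
import sys

# Names to flag (assumed real npm names; the post stylises them). Any
# occurrence is reported because the page does not state the bad version.
FLAGGED = {"event-stream", "flatmap-stream"}

# Constructed lockfileVersion 1 sample (nested "dependencies" objects).
SAMPLE_LOCK_V1 = json.dumps({
    "name": "example-wallet",
    "lockfileVersion": 1,
    "dependencies": {
        "left-pad": {"version": "1.3.0"},
        "event-stream": {
            "version": "1.2.3",  # constructed, not the incident version
            "requires": {"flatmap-stream": "4.5.6"},
            "dependencies": {
                "flatmap-stream": {"version": "4.5.6"},  # constructed
            },
        },
    },
})

# Constructed lockfileVersion 3 sample (flat "packages" map keyed by path).
SAMPLE_LOCK_V3 = json.dumps({
    "name": "example-wallet",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-wallet"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/event-stream": {"version": "1.2.3"},
        "node_modules/event-stream/node_modules/flatmap-stream": {"version": "4.5.6"},
    },
})


def find_flagged(lock, flagged=FLAGGED):
    """Return [(dependency path, version)] for each flagged package in lock.

    Paths are slash-joined package names from the project root, e.g.
    "event-stream/flatmap-stream", so the reader can see which direct
    dependency pulled the flagged package in.
    """
    hits = []
    packages = lock.get("packages")
    if packages is not None:
        # lockfileVersion 2/3: keys look like "node_modules/a/node_modules/b";
        # the empty key "" is the root project itself.
        for key, info in sorted(packages.items()):
            if not key:
                continue
            names = [p.rstrip("/") for p in key.split("node_modules/") if p]
            if names[-1] in flagged:
                hits.append(("/".join(names), info.get("version", "?")))
        return hits

    def walk(deps, path):
        # lockfileVersion 1: each dependency may nest its own "dependencies".
        for name, info in sorted(deps.items()):
            here = path + [name]
            if name in flagged:
                hits.append(("/".join(here), info.get("version", "?")))
            walk(info.get("dependencies", {}), here)

    walk(lock.get("dependencies", {}), [])
    return hits


def scan_lockfile(lock_text, flagged=FLAGGED):
    """Parse lockfile JSON text and return the flagged (path, version) list."""
    return find_flagged(json.loads(lock_text), flagged)


def is_affected(lock_text, flagged=FLAGGED):
    """True if the lockfile text contains any flagged package."""
    return bool(scan_lockfile(lock_text, flagged))


def report(lock_text):
    """Print an npm-ls style listing of the flagged packages found."""
    hits = scan_lockfile(lock_text)
    if not hits:
        print("no flagged packages in lockfile")
    for path, version in hits:
        print(f"{path}@{version}")
    return hits


if __name__ == "__main__":
    # Pass a real package-lock.json path to check a project; with no
    # argument the constructed samples are scanned.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            report(fh.read())
    else:
        report(SAMPLE_LOCK_V1)
        report(SAMPLE_LOCK_V3)
```

Run it as `python check_lock.py path/to/package-lock.json`; a hit on `flatmap-stream` under any parent means the lockfile pins the package the issue is about, and the printed path tells you which direct dependency to update.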
What does it do:

Other users have done some good analysis of what these payloads actually do.

#116 (comment)
#116 (comment)
#116 (comment)


What can I do:

By this time fixes are being deployed and npm has yanked the malicious version. Ensure that the developer(s) of the package you are using are aware of this post. If you are a developer update your event-STrEEM dependency to [email protected]. This protects people with cached versions of event-STrEEM.

/ I am not in a hurry / To leave this place / I am waiting for a moment / Just to watch you going / Don't let me lose this [memory] / I can't understand / Maybe my journey should end here /

Choose your OWN ADventure!

BasQUiaT

ShorTposT

frAnkbaCon

JiveNeviL
