8 comments

[ 5.2 ms ] story [ 35.2 ms ] thread
And my colleagues laugh at me for using Apple provided vim with no extensions for everything…
One of the reasons I never use Browser extensions either. If it doesn't ship with the browser, it cannot be trusted. NO exceptions.
There is an obvious exception: if you control the code. Many extensions have github repos where you can clone them and build your own version.

I have a long running personal extension where I collect all the functionality I need from open source extensions. Audit once, run forever with minor API updates every few years. The only third party ones I run are uBlock Origin and 1Password's official extension. With ChatGPT the audit/integration process has become loads simpler.

I even have a native extension bridge like 1password to interact with a Rust agent (to save and index visited pages, etc.)

Mozilla audits the code of the most popular Firefox extensions and tags them.
Interesting that there's a comment in the article's comments that talks about the

> client_sock. connect (9090, "192.168.71.132", () → { ...

And then goes on to say that it mostly looks innocent. Except to me, that makes me think that this code is probably aimed at a specific target where they've already hacked one internal box, but there's not much interesting they can get from that box directly, but are now using it as a proxy to try to get a command prompt on developers machines where it's more likely there will be random passwords and configuration data that could be harvested.

It could even feasibly point to someone who's already employed by the victim company who knows that plugin is used by developers with more access credentials than they have, and are trying to extract them without anything pointing to them. At some point in the future, they could just add that IP to their box that's already in the target network and bingo shells on their victims machines would start appearing.

(comment deleted)
(comment deleted)