Is this why Windows Defender is prompting me 2-3 times a day to submit my codex/config.toml to Microsoft for "malware analysis"? I've said no every time so far, since my first thought is "What could even be hidden there?" when I see the dialog yet again, I'm guessing Microsoft would love to see how people use their competitors' products though.
I've heard about these attacks but never really had the time to understood what was happening. Some of our junior devs use VS Code, so now we have something to point them at.
It's far from a blindspot. People have been yelling about this from the rooftops for the last several years.
No one cares about security. People used to care for a fairly short period of time after something bad happened to them, but even that seems to have gone by the wayside as breaches, leaks, and use of exploited code has become normalized.
As I understand one don't need to have AI agents or something similar to be pwned. It's enough to clone a repository using git, since it allows executing arbitrary hooks for post-checkout.
I started grepping .vscode/settings.json for terminal.integrated before opening any new repo. VS Code workspace settings being executable by default is quietly terrifying.
11 comments
[ 10.2 ms ] story [ 30.7 ms ] threadNo one cares about security. People used to care for a fairly short period of time after something bad happened to them, but even that seems to have gone by the wayside as breaches, leaks, and use of exploited code has become normalized.
I think they, and the CIA, call it a feature. Just like messenger apps which try to "execute" every "image file" or link thrown at them.