-
Should the misp_time field be working for both attributes (on existing events) and new events?
Background: we receive Splunk logs as typosquatting domains are discovered. We then push these to MI…
-
### URL
https://twitter.com/di_codes/status/1610781657128108033
### When was this post released
4 January 2023
### Summary
> in 2022, the @pypi team removed >12,000 unique projects. each were ins…
-
In the past couple of years, pretty much all big package repositories were attacked by malware squatting on common typos of popular packages. I can look up the publication describing some proof-of-con…
kblin updated
6 years ago
-
Sometimes when I run `npm install`, which installs this repo as a dev dependency, I get the old version, and sometimes I get the new one (with the icons).
It looks like there's a process that happen…
-
Zeppelin could install a first-come-first-served subdomain registry (à la aragon-id) and use ENS reverse lookups to get the distribution's contract address.
Something like `openzeppelin.zos-distribu…
-
Ensure supply chain security for code/package repositories (e.g. hex.pm)
-
A colleague and I noticed that rubgems.org (notice missing the y) was available after we inadvertently typo'd it. I registered it about 3 months ago +/- and set up an Nginx proxy to rubygems.org with a…
-
There have been successful scams of people posing as someone in your contact list and asking for crypto. This happens by the victim assuming the user is their contact and then convincing them to send …
-
### Feature request
Apologies if this is the wrong issue type, it's sort of related to refactoring, but that kind of issue was marked for internal use only.
This is a feature request/proposal to d…
-
Just today I noticed https://hackage.haskell.org/package/wsdl-0.1.0.0 which comes with a
big "DO NOT USE, UNSTABLE AND INCOMPLETE." disclaimer in its description.
IMO, such packages don't belong i…