news.volyx.in

GitHub confirms breach of 3,800 repos via malicious VSCode extension (bleepingcomputer.com)

1054 points by Timofeibu · 54 days ago · 460 comments on HN

Article summary

A malicious VSCode extension was used to breach 3,800 GitHub repositories. The extension was able to exfiltrate sensitive information by rewriting files in .github/workflows and pushing them to GitHub. The attack highlights the risks of using third-party extensions and the importance of security measures. The exact details of the breach are still being investigated.

Main themes

  • GitHub breach
  • Malicious VSCode extension
  • Security risks
  • Third-party extensions
  • Data exfiltration

What commenters say

  • The breach was possible due to the lack of security measures in place, such as restricting outbound requests from VSCode extensions.
  • Writing custom extensions can be a viable solution to avoid security risks, but it may not be practical for all developers.
  • The use of third-party extensions is a necessary evil, and developers should be aware of the potential risks and take steps to mitigate them.
  • Some argue that VSCode's lack of a robust security model makes it vulnerable to attacks, while others believe that the blame lies with developers who use malicious extensions.
  • Restricting outbound requests and using sandboxing can help prevent similar breaches, but may not be foolproof.
  • The breach highlights the need for better security practices, such as vetting extensions and monitoring for suspicious activity.
  • Some developers believe that paying the ransom in ransomware attacks is not a viable solution, as it does not guarantee that the data will be deleted.
  • The use of open-source extensions and libraries can increase the risk of security breaches, as malicious code can be introduced into the supply chain.