![]() Right9ctrl, in response, did exactly what one might have expected: He headed straight for the valuables. To many angry users, this was the equivalent of opening one’s front door to the first stranger who knocked, then grabbing one’s coat and leaving for the day. That person had gained commit access from event-stream’s author, Dominic Tarr, simply by asking for it. The code, intended to steal users’ bitcoin wallets, had been injected by an unknown developer with the username right9ctrl. When a developer named Ayrton Sparling disclosed the presence of malicious code in a popular npm module, event-stream, the response was disbelief-not because the code existed, but because of the way it got there.
0 Comments
Leave a Reply. |