Move over, npm: Now VS Code extensions can’t be trusted
It’s super easy to spoof Visual Studio Code extensions. And those spoofed extensions are incredibly hard to detect.
Richi Jennings
Richi Jennings is a former developer and marketer. He’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, DevOps.com, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
Posts from Richi Jennings
Move over, npm: Now VS Code extensions can’t be trusted
GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?
Machine learning can be a cognitive crutch, causing code vulnerabilities. Use with extreme caution!
If you don't love me now: JsonWebToken could break the software supply chain (again)
The JsonWebToken library has a flaw that could have lead to remote code execution (RCE).
.webp&w=3840&q=75)
PyTorch supply chain attack: Dependency confusion burns DevOps
A classic dependency confusion attack revealed itself last week.
DraftKings fantasy? How YOU can prevent credential stuffing attacks
...
Ahoy! More insecure code washes ashore with AlphaCode
Alphabet’s DeepMind brings us AlphaCode — another AI code-generating parlor trick. And, just like its large language model cousins, it can spit out buggy code.
ChatGPT: Parlor trick or Stack Overflow replacement?
Conversational AI language model ChatGPT can write code. But is it any good?
Meta’s GDPR fine: Why your DevOps needs red teaming
Your support must scale: Don’t be like Meta, dev teams
A rash of small businesses on Facebook found their accounts locked after being hacked. And it’s impossible to contact Meta to get the problem fixed.