[ad_1]
But code has also been added to node.ipc that finds its users and deletes files if they are located in Russia or Belarus.
malicious code on March 15, by virtue of To Liran Tal, a researcher at cybersecurity firm Snyk. The new code was hidden within base64 encoded data, which would make it harder to detect.
A GitHub post shortly after the code is downloaded Message The code went viral after allegedly hitting servers run by an American nonprofit in Belarus, and the sabotage “leads to the execution of your code and the deletion of over 30,000 messages and files detailing war crimes committed in Ukraine by Russian military and government officials.”
According to Snyk, the code remained part of the package for less than a day. The alleged message from the American NGO was not verified, and no organization has made a public statement about any harm.
“While this is a protest-driven attack, it highlights a larger problem facing the software supply chain: transitive dependencies in your code can have a major impact on your security,” Tal wrote.
This isn’t the first time open source developers have sabotaged their own projects. In January, the author of another popular project called colors, endless loop To their code that renders any server running it useless until the problem is fixed.
a new movement
The protest software is just the latest in attempts by activists to use technology to circumvent Russian censorship and deliver anti-war messages. Activists are using targeted ads to push news About the war in Ukraine to ordinary Russians who are otherwise at the mercy of accelerating censorship and ubiquitous state propaganda. crowdsourced comments and anti war popups These are the tactics that have been used since the Russian troops began the invasion.
The protest software is mostly proof that much of what we can overtly see from the cyber warfare unfolding around Ukraine is directly related to it, after all. information and propaganda war.
Protest software may deliver similar anti-war messages, but there are concerns within the open source community that the possibility of sabotage – especially if it goes further than simple anti-invasion messaging and starts destroying data – could undermine the open source ecosystem. Although less known than commercial software, open source software is extremely important to run every aspect of the internet.
“Pandora’s box is now open, and from this point forward, people using open source will experience xenophobia more than ever before, including EVERYONE,” said GitHub user NM17. “The trust factor of open source based on the goodwill of the developers is now practically gone and now more and more people are realizing that one day their libraries/apps can be exploited to do/say whatever a random developer does. It was the ‘right thing to do’ thinking on the internet. Not a single good thing came out of this ‘protest’.”
[ad_2]
Source link