If you want on to Microsoft's internal network, CORPNET, publish or own an existing VSCode extension.

26 posts, 22 posters, 107 views
  • maccruiskeen@social.linux.pizza

    @GossiTheDog I realize that this is tangential, but the network is named CORPNET? Really? Are we in a cheap 1980s techno-thriller?

    gossithedog@cyberplace.social wrote:
    #21

    @maccruiskeen that's the main AD domain, yep. Keep in mind MS is an 80s company 😅

    • gossithedog@cyberplace.social

      RE: https://hachyderm.io/@ChrisShort/116606591908387955

      If you want on to Microsoft's internal network, CORPNET, publish or own an existing VSCode extension.

      The Visual Studio Code Marketplace, which Microsoft own, is completely uncontrolled.

      Anybody can publish an extension, it provides code execution on endpoints, extensions auto update by default, "verified" blue tick extensions just need any domain registration, and there's no endpoint security controls at all around what users can install.

      VSCode is an absolute security shittip as a result.

      emily_s@mastodon.me.uk wrote:
      #22

      @GossiTheDog One of the top 10 extensions, with 73 million downloads, looks like it's owned by a single dev on his personal GitHub account.

      I wonder how many phishing attempts he gets per day.

      • ingram@mastodon.social

        @GossiTheDog And this is why my work PC is locked down so tight I can't even make and run my own batch files, let alone anything .exe. The organisation actually practices the Essential Eight.

        gossithedog@cyberplace.social wrote:
        #23

        @ingram you can probably install VSCode 😅

        • gossithedog@cyberplace.social

          @maccruiskeen that's the main AD domain, yep. Keep in mind MS is an 80s company 😅

          mavnn@bonfire.mavnn.eu wrote:
          #24

          @GossiTheDog@cyberplace.social @maccruiskeen@social.linux.pizza also, this is the company that chose to call a flagship product family .NET

          • gossithedog@cyberplace.social

            Also - if you think 'none of our users run VSCode', check your telemetry. They do. It doesn't even need local admin rights to install.

            I've tooted about this one for about two years now, Microsoft have created their own security bonfire and it's going off in their own backyard, they just haven't realised yet.
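
One way to act on the "check your telemetry" point above, as an added example that is not part of the original thread: a Python inventory of the VS Code extensions installed for a user, compared against an allowlist. It assumes the default per-user extension directory (`~/.vscode/extensions`) and a hypothetical allowlist of `publisher.name` ids; the sample extensions are constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumption: default per-user install location; Insiders/portable builds differ.
DEFAULT_EXT_DIR = Path.home() / ".vscode" / "extensions"


def inventory(ext_dir=DEFAULT_EXT_DIR):
    """Return one record per extension folder found under ext_dir."""
    records = []
    if not ext_dir.is_dir():
        return records
    for manifest in sorted(ext_dir.glob("*/package.json")):
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            if not isinstance(meta, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # Unreadable or malformed manifest: report it, do not skip silently.
            records.append({"id": manifest.parent.name, "version": None, "error": True})
            continue
        ext_id = f"{meta.get('publisher', '?')}.{meta.get('name', '?')}".lower()
        records.append({"id": ext_id, "version": meta.get("version"), "error": False})
    return records


def unapproved(records, allowlist):
    """Records that are broken or whose publisher.name id is not allowlisted."""
    allowed = {a.lower() for a in allowlist}
    return [r for r in records if r["error"] or r["id"] not in allowed]


def build_sample(root):
    """Constructed sample data: two fake extensions and one broken manifest."""
    for folder, body in {
        "examplecorp.linter-1.2.0": '{"publisher": "ExampleCorp", "name": "linter", "version": "1.2.0"}',
        "someone.theme-pack-0.9.1": '{"publisher": "someone", "name": "theme-pack", "version": "0.9.1"}',
        "broken.ext-0.0.1": "{not json",
    }.items():
        (root / folder).mkdir()
        (root / folder / "package.json").write_text(body, encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = inventory(build_sample(Path(tmp)))
        for rec in unapproved(found, allowlist=["examplecorp.linter"]):
            print("not on allowlist:", rec)
```

Run per user profile from an endpoint management tool and collect the output centrally; extensions update automatically by default, so the version field is only a snapshot.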

            richbartlett@infosec.exchange wrote:
            #25

            @GossiTheDog lol MS didn't even follow their own guidelines

            • gossithedog@cyberplace.social

              @maccruiskeen that's the main AD domain, yep. Keep in mind MS is an 80s company 😅

              neffo@mas.to wrote:
              #26

              @GossiTheDog @maccruiskeen is it pronounced corEnet or corPnet?

              • pelle@veganism.social shared this topic