Feross (@feross)'s Twitter Profile
Feross

@feross

⚡️ Founder + CEO @SocketSecurity (https://t.co/7g1opA8rgG) • 🌲 Visiting lecturer @Stanford (https://t.co/yw9prxLQAM) • ❤️ Open source @WebTorrentApp + @StandardJS

ID: 15692193

Link: https://feross.org · Joined: 01-08-2008 18:03:27

26.7K Tweets

29.0K Followers

1.5K Following

Mikeal Rogers (@mikeal)

It was fun while it lasted, but drag and drop file uploads in github comments may not be around forever socket.dev/blog/how-threa…

Leah Culver (@leahculver)

Such cool technology from Orchid that helped my family have a healthy baby!

Baby Japhy is now 6 months old and pretty good at tummy time. ❤️

Sarah Gooding (@pollyplummer)

One guy says he's using this bug to host blog images for free on GitHub's CDN, but there are so many really bad ways this can be abused to make it appear that a file is coming from a legitimate source: socket.dev/blog/how-threa…

Socket (@SocketSecurity)

GitHub is susceptible to a CDN flaw that allows attackers to host malware in the file storage for any public repository. socket.dev/blog/how-threa…

Noor Siddiqui (@noor_siddiqui_)

SO INCREDIBLY PROUD to share 2 HUGE updates:

1) The first baby was born using Orchid technology — and he’s super cute 🥰

2) I tested my own embryos with Orchid — we got SO much information & I feel confident now 🚀

This is the future of how babies will be born!

Sarah Gooding (@pollyplummer)

If you are building applications with open source code, this is a must watch video. It gives a broader picture of what security means and some real world examples of how attackers are exploiting open source dependencies.

Socket (@SocketSecurity)

What does a software supply chain attack look like? Check out Feross' talk at Node Congress🔥April 4 & 5, 2024 on the Dark Side of Open Source. If you enjoy digging into examples of malicious code, this is a fun video! socket.dev/blog/the-dark-…

Elad Gil (@eladgil)

Need to bring back large scale inspiring monuments, statues, art, architecture to cities

Am working on something here. More coming soon

Socket (@SocketSecurity)

🚨 A Socket investigation has uncovered an npm package for a React components library that exfiltrates sensitive developer information, including your operating system username, Git username, and Git email. socket.dev/blog/npm-packa…

WeAreDevelopers (@WeAreDevs)

Did you know you can watch episodes of Coffee with Developers on our 'Watch' page, YouTube and Vimeo?

We've had some fascinating chats in recent weeks with Feross about the xz backdoor issue, and DHH about the state of tech in 2024.

Details in the next post 👇

Socket (@SocketSecurity)

OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation. The ecosystem is living on borrowed time until the next incident, which may already be in progress. socket.dev/blog/openjs-xz…

Wes (@wesleytodd)

So who is out there sponsoring dedicated computers for Open Source maintainers? With all this surface area for attack it is more and more clear to me I should not be publishing or working on popular packages on my every day work laptop.

Brady Law (@bradysays)

Feross Apple really needs to add more nuanced sandboxing to the Mac. The single desktop permissions prompt on first run isn't very useful.

Feross (@feross)

OpenSSF and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

'XZ Utils cyberattack likely not an isolated incident'

openjsf.org/blog/openssf-o…

Feross (@feross)

'I am seriously wondering how not every dev laptop is compromised these days'

There’s likely way more backdoors than we realize. It’s not like the people (or state actor) behind xz-utils did nothing else for those ~2 years.

They almost certainly infiltrated other projects.

Socket (@SocketSecurity)

Who is going to be at RSA Conference and BSidesSF in May? We can’t wait to meet you! Join us at one of our events for good food, drinks, and chill times connecting with new people in the security industry: socket.dev/blog/connect-w…

WeAreDevelopers (@WeAreDevs)

In our most recent episode of Coffee with Developers we sat down with web security expert and Socket CEO, Feross Aboukhadijeh (Feross), to discuss the recent xz backdoor incident that rocked the open source world.

Watch below 👇

Feross (@feross)

I'm hosting a webinar on the xz-utils supply chain attack, and I'm going to show you how this nightmare security incident unfolded.

Learn about the risks of open source supply chains and how to secure your code.

Register now: events.zoom.us/ev/ArQ1SnX063V…
