this post was submitted on 14 Mar 2025
18 points (100.0% liked)

VS Code

[email protected] 1 points 1 week ago

This feels way too apologetic by MS to me. Dunno if that's mainly the reporting in this article.

When asked by BleepingComputer about this development, cybersecurity researcher Amit Assaraf continued to claim that the extension did contain malicious code. However, there was no malicious intent from the publisher, commenting that "in this case, Microsoft moved too fast."

They "accidentally included" stuff that didn't belong in there. They obfuscated their code. Multiple red flags were hit.

For me, moving fast in blocking spread seems warranted. Maybe it shouldn't trigger removal on installs immediately, depending on how fast they can check.

The author's ban circumvention and "outdated dependency the cause but not an issue" claims were dubious at best as well.

Sure, maybe no ill intent. But that doesn't mean security practices should not happen.

[email protected] 7 points 2 weeks ago

ah, the same extension whose author tried to gaslight the community saying it never had a permissive license and now ships a theme with obfuscated code. Yeah, I'll pass.

context: https://github.com/t3dotgg/vsc-material-but-i-wont-sue-you

the original repo had its history changed.