How many companies use open source libraries and frameworks without any due diligence? Read this article about an instance where malicious code was injected into a Node.js npm library and the target was the Copay bitcoin wallet, to steal bitcoin. What steps do companies take, or should they take, to prevent such snafus for their products and customers? https://medium.com/s/story/exploiting-developer-infrastructure-is-insanely-easy-9849937e81d4
Isn’t this what basic traffic analysis should flag?
You make a good point, but how many companies do that for their mobile apps that run on customer devices? Also, what if the traffic doesn't occur all the time but is programmed to transmit once a month or so? Companies may check how the app is behaving with their backend, but if the application runs on a mobile user's device outside of your control, how could you monitor all the IP requests that the app is making? It may even be complicated by a zero-day exploit. In that scenario, traffic analysis may not help. Thoughts?
This was a node issue, not a mobile app issue.
Me
This tends to be a pretty egregious problem with Node and Ruby.
Companies should review everything that goes in their products. Accepting precompiled binaries and not reviewing source code is asking for trouble. Developers got sloppy and lazy.
I would argue it’s product vendors who got sloppy and lazy
Tell the vendors no. They always cave and let you hit their API with your own implementation.
So your company doesn’t use OSS library security scanning services? Thanks for letting me know how vulnerable your isht is.
Pull request a counter virus to the master branch