RE: https://hachyderm.io/@ChrisShort/116606591908387955

If you want on to Microsoft's internal network, CORPNET, publish or own an existing VSCode extension.

The Visual Studio Code Marketplace, which Microsoft own, is completely uncontrolled.

Anybody can publish an extension, it provides code execution on endpoints, extensions auto update by default, "verified" blue tick extensions just need any domain registration, and there's no endpoint security controls at all around what users can install.

VSCode is an absolute security shittip as a result.

@GossiTheDog I realize that this is tangential, but the network is named CORPNET? Really? Are we in a cheap 1980s techno-thriller?
@maccruiskeen that's the main AD domain, yep. Keep in mind MS is an 80s company 😅
also, this is the company that chose to call a flagship product family .NET
Kevin Beaumont
