It’s always an open port on MongoDB or a public S3 bucket: http://thehackernews.com/2017/07/over-14-million-verizon-customers-data.html.
AWS have finally started sending out e-mails to warn people of publicly exposed S3 buckets. AWS’s UX has always been worst in class, and now they’re starting to realize the consequences. https://mastodon.social/media/CNmnCn4ID6DRU74jDds

It’s the regular npm security bullshit that we all know and love:

https://news.ycombinator.com/item?id=14901566

An app named “cross-env” is typosquatting a popular package named “crossenv” to gobble up your environment variables (where people tend to store their most sensitive token credentials you can’t include in your source code).

While I’m no pro at npm, you can start by examining your global packages with `npm ls -g` and grep for `cross-env` or your OS equivalent for grep.

Wait, the correct package is “cross-env”, and the malware is “crossenv”. Go figure.
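
A lockfile-based version of the check above, as an added example that is not part of the original posts: it walks a parsed `package-lock.json` and flags any installed package whose name matches a trusted name once separators are stripped. Following the correction in the last post, `cross-env` is treated as the trusted name; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag installed packages whose names collide with a trusted
// name once "-", "_" and "." are removed (e.g. "crossenv" vs "cross-env").

function normalise(name) {
  return name.toLowerCase().replace(/[-_.]/g, "");
}

// Collect every installed package name from a parsed package-lock.json.
// Handles the flat "packages" map (lockfile v2/v3) and the nested
// "dependencies" tree (lockfile v1), including transitive dependencies.
function installedNames(lock) {
  const names = new Set();
  for (const path of Object.keys(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i !== -1) names.add(path.slice(i + "node_modules/".length));
  }
  const walk = (deps) => {
    for (const [name, info] of Object.entries(deps || {})) {
      names.add(name);
      walk(info && info.dependencies);
    }
  };
  walk(lock.dependencies);
  return names;
}

// Return [{ installed, resembles }] for names that are not themselves trusted
// but normalise to the same string as a trusted name.
function findLookalikes(lock, trusted) {
  const trustedSet = new Set(trusted);
  const byKey = new Map(trusted.map((t) => [normalise(t), t]));
  const hits = [];
  for (const name of installedNames(lock)) {
    const match = byKey.get(normalise(name));
    if (match && !trustedSet.has(name)) hits.push({ installed: name, resembles: match });
  }
  return hits.sort((a, b) => a.installed.localeCompare(b.installed));
}

// Constructed sample lockfile (not real project data).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app" },
    "node_modules/cross-env": { version: "0.0.0-sample" },
    "node_modules/some-tool": { version: "0.0.0-sample" },
    "node_modules/some-tool/node_modules/crossenv": { version: "0.0.0-sample" },
  },
};

console.log(findLookalikes(SAMPLE_LOCK, ["cross-env"]));
```

To run it against a real project, pass the result of `JSON.parse` on that project's `package-lock.json` together with the list of package names you meant to install.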