Forwarded from 层叠 - The Cascading
In its open letter, Let's Encrypt mentions that it will introduce short-lived certificates valid for as little as 6 days.
https://letsencrypt.org/2024/12/11/eoy-letter-2024/
linksrc: blog.gslin.org/~
#LetsEncrypt #TLS
letsencrypt.org
A Note from our Executive Director
This letter was originally published in our 2024 Annual Report.
The past year at ISRG has been a great one and I couldn’t be more proud of our staff, community, funders, and other partners that made it happen. Let’s Encrypt continues to thrive, serving more…
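#transportation #metro
Ready to go: building, exploring and innovating all at once, the Airport Link Line is about to start running!
https://mp.weixin.qq.com/s/c7MP8aiVVjV4kOUR5vaRUQ
Includes an introduction to the design of each station on the Airport Link Line, from Hongqiao Airport Terminal 2 station to Pudong Airport Terminal 1 & 2 station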
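#transportation #railway
It's here, don't blink! Experience the new high-speed line's "ground-hugging flight" from the driver's point of view
https://mp.weixin.qq.com/s/cV5ECg3ZEL1Cc9nKVw-zbg
Shanghai–Suzhou–Huzhou high-speed railway POV, plus an introduction to the design of each station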
Weixin Official Accounts Platform
It's here, don't blink! Experience the new high-speed line's "ground-hugging flight" from the driver's point of view
#LLM
Claude 3.5 Haiku, our next-generation fast model, is now available in Claude.ai on the web and in our mobile apps. Claude 3.5 Haiku offers exceptional skills for coding, quick information processing, and short-form content creation. Currently, Claude 3.5 Haiku is available as a text-only model. For tasks requiring image processing, conversations will automatically switch to Claude 3 Haiku.
https://www.anthropic.com/claude/haiku
#WhatDidIReadToday #security #npm
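[Notice]: Version 1.1.7 of @rspack/core and @rspack/cli has security risks. Please use version 1.1.8 or v1.1.6 instead
Rspack have encountered an attack, @rspack/core and @rspack/cli 1.1.7 are vulnerable versions released by the attacker, and contain malicious scripts.
https://github.com/web-infra-dev/rspack/issues/8767
Rspack is a high-performance JavaScript bundler written in Rust.
Because a team member's npm token was stolen, version 1.1.7 containing malicious scripts was published.
The attack runs through a postinstall script and targets only Linux in certain countries/regions. It downloads and executes a cryptocurrency miner, and tries to find configuration files in common locations that may contain cloud service credentials, combines their contents, encodes them with Base64, and sends them to a remote server.
Brief analysis
The team has deprecated 1.1.7 and republished version 1.1.6 as 1.1.8 to prevent the compromised version from being installed by mistake.
Likewise, some versions of vant (a lightweight, customizable mobile component library), maintained by the same person, were also affected and had malicious code injected.
Notably, rspack had enabled npm provenance to verify that packages are built and published to npm through CI. Version 1.1.7 did not pass verification, but npm has no measure to prevent upgrading to an unverified version. A developer has submitted a related feature request: [Feature Request] An option to forbidden packages to upgrade from a attested version to a unattested version
See also: NPM Provenance: The Missing Security Layer in Popular JavaScript Libraries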
GitHub
[Notice]: Version 1.1.7 of @rspack/core and @rspack/cli has security risks. Please use version 1.1.8 or v1.1.6 instead · Issue…
Notice from Rspack team Rspack have encountered an attack, @rspack/core and @rspack/cli 1.1.7 are vulnerable versions released by the attacker, and contain malicious scripts. Rspack team have taken...
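Added example, not part of the original post and not Rspack's or npm's code: a client-side check for the gap described above, refusing an upgrade from an attested release to an unattested one. It assumes registry-style metadata in which an attested version carries a `dist.attestations.provenance` entry; the package name and sample data are constructed.

```javascript
// Added example (not Rspack's or npm's code). Input mirrors the shape of npm
// registry metadata; a version counts as attested when dist.attestations.provenance
// is present (assumption). Presence only: `npm audit signatures` verifies signatures.
const PROV = { provenance: { predicateType: "https://slsa.dev/provenance/v1" } };

// Constructed sample modelled on the incident; the package name is hypothetical.
const samplePackument = {
  name: "example-bundler",
  versions: {
    "1.1.5": { dist: { attestations: PROV } },
    "1.1.6": { dist: { attestations: PROV } },
    "1.1.7": { dist: {}, scripts: { postinstall: "node ./setup.js" } },
    "1.1.8": { dist: { attestations: PROV } },
  },
};

// Parse plain x.y.z versions; pre-releases return null and are skipped.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

const isAttested = (meta) => Boolean(meta?.dist?.attestations?.provenance);
const hasInstallScript = (meta) =>
  ["preinstall", "install", "postinstall"].some((k) => k in (meta?.scripts ?? {}));

// Verdict for moving a lockfile entry from version `from` to version `to`.
function checkUpgrade(packument, from, to) {
  const a = packument.versions[from], b = packument.versions[to];
  if (!a || !b) return { allow: false, reason: "unknown version" };
  if (isAttested(a) && !isAttested(b))
    return { allow: false, reason: "provenance regression", installScript: hasInstallScript(b) };
  return { allow: true, reason: isAttested(b) ? "attested" : "never attested" };
}

// Every release that dropped provenance relative to the release before it.
function findProvenanceRegressions(packument) {
  const vs = Object.keys(packument.versions).filter(parseVersion).sort(compareVersions);
  return vs.filter((v, i) => i > 0 &&
    isAttested(packument.versions[vs[i - 1]]) && !isAttested(packument.versions[v]));
}

console.log(findProvenanceRegressions(samplePackument));
```

A check like this fits in CI before a lockfile update is merged; a blocked upgrade that also reports `installScript: true` deserves review before anything is installed.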