Florian Maury on Nostr: ...
https://www.bleepingcomputer.com/news/security/microsoft-visual-studio-code-flaw-lets-extensions-steal-passwords/
OK, this is concerning, but wait? Extensions can freely access Internet and there is no permission system, no manifest, no sandboxing, no nothing?
I'm not even talking about password in text files. I mean, markdown documents could be leaked by extensions as easily. I never realized using VSCode was putting data in that much danger.
I don't think I will ever run VSCode outside a system sandbox ever again (or at least until they take security a bit more seriously).
#vscode #infosec #dataleak
OK, this is concerning, but wait? Extensions can freely access Internet and there is no permission system, no manifest, no sandboxing, no nothing?
I'm not even talking about password in text files. I mean, markdown documents could be leaked by extensions as easily. I never realized using VSCode was putting data in that much danger.
I don't think I will ever run VSCode outside a system sandbox ever again (or at least until they take security a bit more seriously).
#vscode #infosec #dataleak