home.social

#polyfillio โ€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #polyfillio, aggregated by home.social.

  1. What CVE should I use for the Polyfill[.]io supply chain attack? I see that CVE-2024-38526 exists, but it's specifically for pdoc. Is there a better one?

    :boost_love:

    #PolyfillIO #CVE #infosec

  2. What CVE should I use for the Polyfill[.]io supply chain attack? I see that CVE-2024-38526 exists, but it's specifically for pdoc. Is there a better one?

    :boost_love:

    #PolyfillIO #CVE #infosec

  3. What CVE should I use for the Polyfill[.]io supply chain attack? I see that CVE-2024-38526 exists, but it's specifically for pdoc. Is there a better one?

    :boost_love:

    #PolyfillIO #CVE #infosec

  4. What CVE should I use for the Polyfill[.]io supply chain attack? I see that CVE-2024-38526 exists, but it's specifically for pdoc. Is there a better one?

    :boost_love:

    #PolyfillIO #CVE #infosec

  5. What CVE should I use for the Polyfill[.]io supply chain attack? I see that CVE-2024-38526 exists, but it's specifically for pdoc. Is there a better one?

    :boost_love:

    #PolyfillIO #CVE #infosec

  6. Y'all remember #PolyfillIO?

    I realize the lesson there is; don't depend on code from domains you don't control, and in an ideal world that's what you should do

    But is there still a need there? Are there #webPlatform features you'd like to use but you don't want to introduce a build process just to bundle the #polyfill from #NPM?

    Or is there no point in #polyfills since #browsers don't share caches between origins these days so there's no precaching benefit anymore?

    #webDev #javaScript #web

  7. Y'all remember #PolyfillIO?

    I realize the lesson there is; don't depend on code from domains you don't control, and in an ideal world that's what you should do

    But is there still a need there? Are there #webPlatform features you'd like to use but you don't want to introduce a build process just to bundle the #polyfill from #NPM?

    Or is there no point in #polyfills since #browsers don't share caches between origins these days so there's no precaching benefit anymore?

    #webDev #javaScript #web

  8. Y'all remember #PolyfillIO?

    I realize the lesson there is; don't depend on code from domains you don't control, and in an ideal world that's what you should do

    But is there still a need there? Are there #webPlatform features you'd like to use but you don't want to introduce a build process just to bundle the #polyfill from #NPM?

    Or is there no point in #polyfills since #browsers don't share caches between origins these days so there's no precaching benefit anymore?

    #webDev #javaScript #web

  9. Y'all remember #PolyfillIO?

    I realize the lesson there is; don't depend on code from domains you don't control, and in an ideal world that's what you should do

    But is there still a need there? Are there #webPlatform features you'd like to use but you don't want to introduce a build process just to bundle the #polyfill from #NPM?

    Or is there no point in #polyfills since #browsers don't share caches between origins these days so there's no precaching benefit anymore?

    #webDev #javaScript #web

  10. Y'all remember #PolyfillIO?

    I realize the lesson there is; don't depend on code from domains you don't control, and in an ideal world that's what you should do

    But is there still a need there? Are there #webPlatform features you'd like to use but you don't want to introduce a build process just to bundle the #polyfill from #NPM?

    Or is there no point in #polyfills since #browsers don't share caches between origins these days so there's no precaching benefit anymore?

    #webDev #javaScript #web

  11. ๅ…ณไบŽ polyfill.io ใ€ bootcdn.net ๅŠ staticfile.org ็ญ‰็š„ๅŽ็ปญๆถˆๆฏ๏ผš

    - ๅ—ๅฝฑๅ“็š„ CDN ๅŒ…ๆ‹ฌ
    bootcdn.net ใ€ bootcss.com ใ€ staticfile.net ใ€ staticfile.org ็ญ‰ [1]ใ€‚
    - uBlock ็š„ "Badware risks" ่ฟ‡ๆปคๅ™จๅทฒ็ป้˜ปๆ–ญไบ†ๅˆฐ่ฟ™ไบ›็ซ™็‚น็š„่ฎฟ้—ฎ๏ผ›Namecheap ๅ…ณๅœไบ†
    polyfill.io ๅ’Œ polyfill.com ๅŸŸๅ [2]๏ผ›Google ไบฆๅผ€ๅง‹ๅœๆญขๆŠ•ๆ”พไฝฟ็”จ polyfill.io ็ฝ‘็ซ™็š„ๅนฟๅ‘Š [1]ใ€‚
    - Cloudflare ๆไพ›ไบ†่‡ชๅŠจๆ›ฟๆข่‡ณ่‡ชๆœ‰ Polyfill ็š„ๆœๅŠก๏ผŒ้ป˜่ฎคๅฏนๅ…่ดน่ฎกๅˆ’็š„็ซ™็‚นๅฏ็”จ๏ผ›ไป˜่ดน่ฎกๅˆ’็š„็ซ™็‚นๅฏไปฅๆ‰‹ๅทฅๅฏ็”จ [3]ใ€‚
    - ไธ€ไฝๅฎ‰ๅ…จ็ ”็ฉถ่€…ๅ‘็Žฐ๏ผŒGitHub ไธŠ็š„
    data.polyfill.com ๅบ“ๅญ˜ๅ‚จไบ† Cloudflare API ๅฏ†้’ฅ๏ผŒๅนถ็”จๅฏ†้’ฅ่ฎฟ้—ฎ Cloudflare API ๅ‘็ŽฐๅŒไธ€ไธช่ดฆๆˆทๆŽงๅˆถ็€ไปฅไธŠ็š„่ฟ™ไบ›ๅŸŸๅ [2]ใ€‚

    1.
    sansec.io/~
    2.
    bleepingcomputer.com/~
    3.
    blog.cloudflare.com/~

    thread:
    /4551

    [ๆ„Ÿ่ฐข ๅคœๅ‚้›… ๆไพ›ๆญคๆถˆๆฏใ€‚]

    #PolyfillIO #Security

  12. So, I'm thinking; what if I build polyfill.io, but on the Blockchain! Hey come back..

    Hear me out; #fleekfunctions are immutable, and transparent. So long as the #fleeknetwork nodes can be trusted to execute the code properly (I presume there are cryptographic guarantees of output validity) then it could be safer from supply chain attacks.

    #webDev #polyfillio #polyfill #supplyChain #hacking #web3 #blockchain #fleek #javaScript

  13. So, I'm thinking; what if I build polyfill.io, but on the Blockchain! Hey come back..

    Hear me out; #fleekfunctions are immutable, and transparent. So long as the #fleeknetwork nodes can be trusted to execute the code properly (I presume there are cryptographic guarantees of output validity) then it could be safer from supply chain attacks.

    #webDev #polyfillio #polyfill #supplyChain #hacking #web3 #blockchain #fleek #javaScript

  14. So, I'm thinking; what if I build polyfill.io, but on the Blockchain! Hey come back..

    Hear me out; #fleekfunctions are immutable, and transparent. So long as the #fleeknetwork nodes can be trusted to execute the code properly (I presume there are cryptographic guarantees of output validity) then it could be safer from supply chain attacks.

    #webDev #polyfillio #polyfill #supplyChain #hacking #web3 #blockchain #fleek #javaScript

  15. So, I'm thinking; what if I build polyfill.io, but on the Blockchain! Hey come back..

    Hear me out; #fleekfunctions are immutable, and transparent. So long as the #fleeknetwork nodes can be trusted to execute the code properly (I presume there are cryptographic guarantees of output validity) then it could be safer from supply chain attacks.

    #webDev #polyfillio #polyfill #supplyChain #hacking #web3 #blockchain #fleek #javaScript

  16. So, I'm thinking; what if I build polyfill.io, but on the Blockchain! Hey come back..

    Hear me out; #fleekfunctions are immutable, and transparent. So long as the #fleeknetwork nodes can be trusted to execute the code properly (I presume there are cryptographic guarantees of output validity) then it could be safer from supply chain attacks.

    #webDev #polyfillio #polyfill #supplyChain #hacking #web3 #blockchain #fleek #javaScript

  17. On July 5th, PolyfillIO switched to polyfill[.]top
    This domain is currently unblocked by uBlock Origin and all major blocklists.
    Tweet: x[.]com/Polyfill_Global/status
    Thread with more information and also making fun of Windows users.

    #PolyfillIO #PolyfillIOAttack

  18. On July 5th, PolyfillIO switched to polyfill[.]top
    This domain is currently unblocked by uBlock Origin and all major blocklists.
    Tweet: x[.]com/Polyfill_Global/status
    Thread with more information and also making fun of Windows users.

    #PolyfillIO #PolyfillIOAttack

  19. On July 5th, PolyfillIO switched to polyfill[.]top
    This domain is currently unblocked by uBlock Origin and all major blocklists.
    Tweet: x[.]com/Polyfill_Global/status
    Thread with more information and also making fun of Windows users.

    #PolyfillIO #PolyfillIOAttack

  20. On July 5th, PolyfillIO switched to polyfill[.]top
    This domain is currently unblocked by uBlock Origin and all major blocklists.
    Tweet: x[.]com/Polyfill_Global/status
    Thread with more information and also making fun of Windows users.

    #PolyfillIO #PolyfillIOAttack

  21. 384,000 sites pull code from sketchy code library recently bought by Chinese firm | @dangoodin

    A supply-chain attack on Polyfill.io, a #JavaScript library, redirected users to malicious sites. So far, bootcss.com is the only domain showing any signs of potential malice. The nature of the other associated endpoints remains unknown

    #CyberSecurity #SupplyChainAttack #WebDevelopment #WebProgramming #WebSecurity #Polyfill #PolyfillIO

    arstechnica.com/security/2024/

  22. 384,000 sites pull code from sketchy code library recently bought by Chinese firm | @dangoodin

    A supply-chain attack on Polyfill.io, a library, redirected users to malicious sites. So far, bootcss.com is the only domain showing any signs of potential malice. The nature of the other associated endpoints remains unknown

    arstechnica.com/security/2024/

  23. 384,000 sites pull code from sketchy code library recently bought by Chinese firm | @dangoodin

    A supply-chain attack on Polyfill.io, a #JavaScript library, redirected users to malicious sites. So far, bootcss.com is the only domain showing any signs of potential malice. The nature of the other associated endpoints remains unknown

    #CyberSecurity #SupplyChainAttack #WebDevelopment #WebProgramming #WebSecurity #Polyfill #PolyfillIO

    arstechnica.com/security/2024/

  24. 384,000 sites pull code from sketchy code library recently bought by Chinese firm | @dangoodin

    A supply-chain attack on Polyfill.io, a #JavaScript library, redirected users to malicious sites. So far, bootcss.com is the only domain showing any signs of potential malice. The nature of the other associated endpoints remains unknown

    #CyberSecurity #SupplyChainAttack #WebDevelopment #WebProgramming #WebSecurity #Polyfill #PolyfillIO

    arstechnica.com/security/2024/

  25. 384,000 sites pull code from sketchy code library recently bought by Chinese firm | @dangoodin

    A supply-chain attack on Polyfill.io, a #JavaScript library, redirected users to malicious sites. So far, bootcss.com is the only domain showing any signs of potential malice. The nature of the other associated endpoints remains unknown

    #CyberSecurity #SupplyChainAttack #WebDevelopment #WebProgramming #WebSecurity #Polyfill #PolyfillIO

    arstechnica.com/security/2024/

  26. > #China-based company #Funnull acquired the domain and the GitHub account that hosted the #JavaScript code. On June 25, researchers from #security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

    arstechnica.com/security/2024/

    #polyfillio #supplyChain

  27. > #China-based company #Funnull acquired the domain and the GitHub account that hosted the #JavaScript code. On June 25, researchers from #security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

    arstechnica.com/security/2024/

    #polyfillio #supplyChain

  28. > #China-based company #Funnull acquired the domain and the GitHub account that hosted the #JavaScript code. On June 25, researchers from #security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

    arstechnica.com/security/2024/

    #polyfillio #supplyChain

  29. > #China-based company #Funnull acquired the domain and the GitHub account that hosted the #JavaScript code. On June 25, researchers from #security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

    arstechnica.com/security/2024/

    #polyfillio #supplyChain

  30. > #China-based company #Funnull acquired the domain and the GitHub account that hosted the #JavaScript code. On June 25, researchers from #security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

    arstechnica.com/security/2024/

    #polyfillio #supplyChain

  31. If you're using #polyfillio code on your site โ€“ like 100,000+ are โ€“ remove it immediately

    theregister.com/2024/06/25/pol

  32. If you're using #polyfillio code on your site โ€“ like 100,000+ are โ€“ remove it immediately

    theregister.com/2024/06/25/pol

  33. If you're using #polyfillio code on your site โ€“ like 100,000+ are โ€“ remove it immediately

    theregister.com/2024/06/25/pol

  34. If you're using #polyfillio code on your site โ€“ like 100,000+ are โ€“ remove it immediately

    theregister.com/2024/06/25/pol

  35. If you're using #polyfillio code on your site โ€“ like 100,000+ are โ€“ remove it immediately

    theregister.com/2024/06/25/pol

  36. > The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator

    > Researchers discovered a public GitHub repository where the purported operators of Polyfill.io had accidentally exposed their Cloudflare secret keys.

    LOL, FAIL!

    bleepingcomputer.com/news/secu

    #polyfill #polyfillio #cloudflare #bootcdn #bootcss #staticFile #security

  37. > The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator

    > Researchers discovered a public GitHub repository where the purported operators of Polyfill.io had accidentally exposed their Cloudflare secret keys.

    LOL, FAIL!

    bleepingcomputer.com/news/secu

    #polyfill #polyfillio #cloudflare #bootcdn #bootcss #staticFile #security

  38. > The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator

    > Researchers discovered a public GitHub repository where the purported operators of Polyfill.io had accidentally exposed their Cloudflare secret keys.

    LOL, FAIL!

    bleepingcomputer.com/news/secu

    #polyfill #polyfillio #cloudflare #bootcdn #bootcss #staticFile #security

  39. > The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator

    > Researchers discovered a public GitHub repository where the purported operators of Polyfill.io had accidentally exposed their Cloudflare secret keys.

    LOL, FAIL!

    bleepingcomputer.com/news/secu

    #polyfill #polyfillio #cloudflare #bootcdn #bootcss #staticFile #security

  40. > The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator

    > Researchers discovered a public GitHub repository where the purported operators of Polyfill.io had accidentally exposed their Cloudflare secret keys.

    LOL, FAIL!

    bleepingcomputer.com/news/secu

    #polyfill #polyfillio #cloudflare #bootcdn #bootcss #staticFile #security