Andrew pfp

Andrew

@andrewmohawk

175 Following
182 Followers


Andrew pfp
0 reply
0 recast
1 reaction

Andrew pfp
0 reply
0 recast
2 reactions

Andrew pfp
0 reply
0 recast
0 reaction

Andrew pfp
0 reply
0 recast
1 reaction

Andrew pfp
1 reply
0 recast
2 reactions

Andrew pfp
0 reply
0 recast
1 reaction

Andrew pfp
0 reply
0 recast
2 reactions

Andrew pfp
1 reply
0 recast
0 reaction

Andrew pfp
0 reply
0 recast
1 reaction

Andrew pfp
0 reply
0 recast
0 reaction

Andrew pfp
1 reply
0 recast
6 reactions

Andrew pfp
1 reply
3 recasts
5 reactions

Andrew pfp
0 reply
0 recast
1 reaction

Andrew pfp
3 replies
1 recast
12 reactions

Andrew pfp
0 reply
0 recast
0 reaction

Andrew pfp
0 reply
0 recast
0 reaction

Andrew pfp
We are seeing a lot more attacks utilizing malicious VSCode and Browser extensions (although these have been around for a while). For browser extensions you can use "managed chrome" instances to control what can/cant be installed to make sure no extensions are installed that are malicious. You can also choose to block particularly bad extensions. For VSCode extensions you are basically SOL, right now my advice is this: Wherever possible please use [vscode.dev](http://vscode.dev) to open untrusted projects as it means that there is little chance they can execute code on your behalf. VSCode projects can execute arbitrary code when opening if you click “I trust this application/codebase” If you want to scan the extensions before installing you can use this to validate both chrome and vscode extensions: https://www.extensiontotal.com/
0 reply
0 recast
0 reaction

Andrew pfp
0 reply
0 recast
1 reaction

Andrew pfp
0 reply
0 recast
1 reaction

Andrew pfp
0 reply
0 recast
2 reactions