Posted by ammar2 1 day ago

1-Click GitHub Token Stealing via a VSCode Bug (blog.ammaraskar.com)
612 points | 95 comments | page 4
omelas_tech 13 hours ago
tl;dr: never press github.dev or open vscode.dev on a repo you don't trust
minitech 10 hours ago
and don’t open links like https://tinyurl.com/2s3twstw either, or any other page on the internet that’s able to redirect you to github.dev
simonw 9 hours ago
That's a hard rule to follow when any website on the internet might redirect a browser tab to a URL on one of those domains.
notlibrary 10 hours ago
And when what it does with it?
fg137 17 hours ago
> To those folks, I am sorry, but this is one of the few levers I have to try to influence MSRC and the security posture of VSCode

Someone is going to be blacklisted by Microsoft.

theguidessuck 12 hours ago
Damn, what a disaster. Then they won't allow him to tell them about the bugs they don't take seriously.
ares623 15 hours ago
"Oh great Mythos, how do I remove all vulnerabilities from my products?"

Percolating...

Ban all vulnerability researchers
