pull down to refresh
Someone use Ledger in 2023?
deleted by author
https://imgprxy.stacker.news/Guz1QmHHDSrPNEnJeOWvdz9X6MMAwdkvlXAePMv6OEM/rs:fit:1280:720/aHR0cHM6Ly9tLnN0YWNrZXIubmV3cy83NDE5
Was the malicious version inserted in the kit by an employer?
Insider threat babyyyyy
Or ledger the company got hacked somewhere that allowed the attacker to push this malicious update. Hard to know without ledger (or the attacker lel) telling us.
If it's an inside job, it's very bad. Basically everything could be compromised.
Shouldn't the commits be multi-keyed?
edit: multisig
I don't know how ledger runs their business, but I got a screenshot of a tweet from another chat (twitter user @MatthewLilley) which says
They are loading JS from a CDNThey are not version locking loaded JSThey had their CDN compromised
Ledger is a fucking joke at this point.
So many red flags from this company.
ELI5 of the issue from ChatGPT:
https://nitter.cz/pic/orig/enc/bWVkaWEvR0JUNjZfTmJZQUFqdm5JLnBuZw==
What are dApps?
so you're saying, these apps died out before they even became a thing? lol
We are not smart enough for things like this. Crypto is too advanced, its a bridge too far.
Twitter2Nitter
Clearnet: nitter.net | nitter.it | nitter.cz | nitter.at | nitter.unixfox.eu | nitter.poast.org | nitter.privacydev.net | nitter.d420.de | nitter.sethforprivacy.com | nitter.nicfab.eu | bird.habedieeh.re | nitter.salastil.com | nt.ggtyler.dev
Tor: nitter7bryz3..q553qd.onion | 26oq3gioiwcm..b4wwid.onion | vfaomgh4jxph..dauqad.onion | nitraeju2mip..evvuqd.onion | codeine3hsqn..brdqqd.onion
I2P: axd6uavsstsr..zf4q.b32.i2p | u6ikd6zndl3c..n2qa.b32.i2p | gseczlzmiv23..aoua.b32.i2p | tm4rwkeysv3z..4weq.b32.i2p | vernzdedoxuf..agva.b32.i2p
Lokinet: nitter.priv.loki/
Nitter is a free and open source alternative Twitter front-end focused on privacy and performance. Click here for more information.
Someone use Ledger in 2023?
deleted by author
https://imgprxy.stacker.news/Guz1QmHHDSrPNEnJeOWvdz9X6MMAwdkvlXAePMv6OEM/rs:fit:1280:720/aHR0cHM6Ly9tLnN0YWNrZXIubmV3cy83NDE5
Was the malicious version inserted in the kit by an employer?
Insider threat babyyyyy
Or ledger the company got hacked somewhere that allowed the attacker to push this malicious update. Hard to know without ledger (or the attacker lel) telling us.
If it's an inside job, it's very bad. Basically everything could be compromised.
Shouldn't the commits be multi-keyed?
edit: multisig
I don't know how ledger runs their business, but I got a screenshot of a tweet from another chat (twitter user @MatthewLilley) which says
Ledger is a fucking joke at this point.
So many red flags from this company.
ELI5 of the issue from ChatGPT:
https://nitter.cz/pic/orig/enc/bWVkaWEvR0JUNjZfTmJZQUFqdm5JLnBuZw==
What are dApps?
deleted by author
so you're saying, these apps died out before they even became a thing? lol
We are not smart enough for things like this. Crypto is too advanced, its a bridge too far.
Twitter2Nitter
Clearnet: nitter.net | nitter.it | nitter.cz | nitter.at | nitter.unixfox.eu | nitter.poast.org | nitter.privacydev.net | nitter.d420.de | nitter.sethforprivacy.com | nitter.nicfab.eu | bird.habedieeh.re | nitter.salastil.com | nt.ggtyler.dev
Tor: nitter7bryz3..q553qd.onion | 26oq3gioiwcm..b4wwid.onion | vfaomgh4jxph..dauqad.onion | nitraeju2mip..evvuqd.onion | codeine3hsqn..brdqqd.onion
I2P: axd6uavsstsr..zf4q.b32.i2p | u6ikd6zndl3c..n2qa.b32.i2p | gseczlzmiv23..aoua.b32.i2p | tm4rwkeysv3z..4weq.b32.i2p | vernzdedoxuf..agva.b32.i2p
Lokinet: nitter.priv.loki/
Nitter is a free and open source alternative Twitter front-end focused on privacy and performance. Click here for more information.
deleted by author