Jonkman Microblog
  • Login
Show Navigation

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Monday, 14-Feb-2022 21:30:14 EST GeniusMusing GeniusMusing
    Maybe, but buying a domain and adding an email is not that much work, 2FA might be another story assuming it is being used. There might still be time for this to be exploited.

    Thousands of npm accounts use email addresses with expired domains The Record by Recorded Future
    https://therecord.media/thousands-of-npm-accounts-use-email-addresses-with-expired-domains/

    >However, it is worth noting that days before this study was published in December 2021, npm announced plans to slowly start enforcing 2FA for developer accounts. This process was scheduled to take place in multiple stages, with the Top 100 maintainer accounts being enrolled in mandatory 2FA at the start of this month.
    In conversation Monday, 14-Feb-2022 21:30:14 EST from nu.federati.net permalink

    Attachments

    1. Invalid filename.
      Thousands of npm accounts use email addresses with expired domains
      from The Record by Recorded Future
      An academic research project found that thousands of JavaScript developers are using an email address with an expired domain for their npm accounts, leaving their projects exposed to easy hijacks.
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.