- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- netsec
- secops
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- netsec
- secops
MSFT was responsible of a generation of non-educated users, half-assed sysadmin, what could go wrong, now ?
maybe your are not concerned with your 64GB laptop from which 60GB are used for entreprise spyware/antivirus hem, protective measure. :)
Eli5
VS Code has an optional feature that can allow remote access, which could be [used/abused] to [access/breach] otherwise secure networks. Because the executable is signed by Microsoft, it won’t be flagged as malicious by antivirus/malware scanners even though it could easily be used as such. The article shows the steps the author attempted to detect and block this tunnel functionality, with limited success.
I don’t really get this article to be honest.
An attacker doesn’t need vscode to expose your closed off network, there are many more terminal tools that can be used for various kinds of attacks, especially if the attacker can smuggle in his own executables, as it’s assumed in the post.
Neither do I like Microsoft nor vscode but to me it looks like the tunnel thingy can (and definitely should) be blocked off easily and it seems to be even documented by Microsoft.
This seems similar to an ssh session, but ssh has great authentication and authorization parameters that can be setup. Whereas code.exe is left open.
So why is this getting down voted. Seems like a valid concern.
I think it’s getting down-voted purely because OP’s title is essentially “mIcRo$oFt bAd!” instead of describing the issue. It’s not getting down-voted anywhere else this article was cross-posted to, where they used the article’s actual title.