Hacker News | fantunes's comments

Unfortunately I wasn't as lucky to do my due diligence checking the harm on the code before I ran it. I only lost a few dollars I had in my wallet though.

This is the code base provided (I already flagged with gitlab): https://gitlab.com/0xstake-group

And the actual task (which was a distraction - also flagged with notion): https://www.notion.so/Web3-Project-Evaluation-1f25d6f4dcf180...


It's not down to luck. If you maintain good habits and personal processes you will not fall for this. "Everybody gets phished" is overstated.


> Do you work at Facebook? Shame on you.

Does it apply to the people using its products, software, services?

What's the ethical threshold for using reactjs for example in this scenario?


By using reactjs you are supporting their R&D. It improves their attractiveness for top researchers.


What if you use a website that uses reactjs? How culpable are you?


Less culpable.


Thank you for making value judgements on our behalf.


Well, in this case "more culpable" doesn't make much sense, or do you think otherwise? Perhaps equally culpable would be an option.

Not sure what point you are trying to make, though.


Didn't they try to push some rather questionable licensing terms on React, or am I confusing it with a different open source library? If it was, then its users almost became another victim of Facebook trying out where it can get away with abusing its position.


They did have a license with a clause allowing them to sue or restrict access to it legally, but they changed it to a more permissive one. Also, even if they did try to do anything, no one was stopping you from replacing React with Inferno or Preact; they have compatible APIs.


The guys responsible for the information security worked at Equifax before: https://www.linkedin.com/in/mike-gustavison-b020426/

Coincidence? Strike two?


And he joined Equifax after jumping ship from A. G. Edwards in 2008, presumably because the company was accused of fraud in that same year.

His first security gig was Senior IT Security Analyst at A. G. Edwards and Sons. His only work experience before that was Supervisor of Branch Installations.

This seems unbelievable, but that senior security position was his first IT experience.


Could this be a scheme to sell customer data?

I assumed for some time that installing backdoors is a good way to sell customer data you otherwise wouldn't be allowed to share.


Equifax didn't fall victim to a backdoor but to an outdated Apache Struts that no one noticed.


I'm not only talking about this particular case, but in general. "Accidental" backdoors let companies share data they legally couldn't share.

Look at Facebook and how their API was surprisingly abused for years until they noticed it.


“The biggest concern is credit card data, a breach occurring on a digital property is devastating to companies.”

Mike Gustavison, Director of Info Sec, Panera Bread


I am the sole director of a company based in the UK. Through this company I am doing some work for a company in San Francisco. All the work is done remotely but once in a while I need to go to the office. I am currently just entering the US with a visitor/tourist visa. Theoretically, which visa should I be applying for, or is there a visa for that sort of temporary (less than a month) work on American soil?


This is complicated. In short, while in the U.S., you shouldn't get paid by your U.S. clients and the "work" you do should be along the lines of status meetings, not "productive" employment. Otherwise, you will need a work visa.


Really appreciate your help on this.


Every time I read Lenovo my mind automatically translates it to Superfish.


And then you add Google on top of this and you have a phone with open ears and eyes.


Wait, I thought Lenovo was automatically translated to 'Lizard People'?


That is before the MITM attack


"Tickets will go on sale June 20th at 10am!" Surely it's not 10am GMT. Does anyone know the time zone of the referred 10am?


They're already on sale, bought mine earlier so I'm guessing they meant GMT. Would make sense given that the event is on in London.


Hate to be that guy, but UK is in BST now which is GMT+1 :-)


That's a post from 2011. Screen Sharing is available to any Mac under System Preferences > Sharing.

