Moneroon

4K posts

@moneroon

In love w/ CyberSec | Part time yapper | Infrastructure Analyst @ null | ɱ KaaB Supporter

Tokyo-to, Japan. Joined September 2023
562 Following, 452 Followers
Pinned Tweet
Moneroon@moneroon·
Thank you @gnukeith for coming down, hope you had a great time! Until next time <3
Moneroon retweeted
vx-underground@vxunderground·
The LiteLLM supply chain attack is big shenanigans. I have to explain the whole thingie though so you can get the full context of the shenanigans. TeamPCP (the people who probably did it) is unironically swinging a big ass fuck off baseball bat, they're swinging for the moon.

tl;dr see picture of cat as summary

I also want to preface this with I DID NOT PERFORM THIS ANALYSIS. I almost never do open-source solutions malware stuff and this is also more in the line of work with DFIR (Digital Forensics and Incident Response). This summary comes from various peers and colleagues of mine who have been discussing TeamPCP the past couple of days.

DFIR nerds I sourced:
- @ramimacisabird
- @InsiderPhD

Non DFIR nerds I sourced:
- @IceSolst
- @IntCyberDigest

Yeah, so pretty much this group of nerds named TeamPCP bamboozled an open-source security product called Trivy. TeamPCP sent a pull request on GitHub but did it with "pull_request_target". Normally a pull request isn't a big deal. Nerds do it all the time. "pull_request_target" though is designed to copy secrets, tokens, etc. pull_request_target is a legit thing. People do it all the time. It should only be performed by people you trust.

TeamPCP impersonated a legitimate GitHub contributor. Trivy was caught slippin'. When TeamPCP did pull_request_target they stole access tokens to a place called Aqua Security. Aqua Security was like, "lol gosh dang it" and did what you were supposed to do. They rotated access tokens and passwords and stuff. However, Aqua made an oopsie and forgot to rotate the stuff for one of their automation bots.

Once TeamPCP had access they injected malicious code which steals environment variables, SSH keys, cloud credentials, crypto tokens, etc. into three things:
- Trivy
- Trivy GitHub actions
- Trivy Docker stuff

As is tradition, once TeamPCP put malware into Trivy stuff, anyone who did anything with Trivy was given malware.

TeamPCP got a metric poop ton of stolen data and began using it to move to NPM projects. The projects they infected next were infected with a malware people named "CanisterWorm". In extreme summary, CanisterWorm placed stuff in package.json from the infected NPM project. Every new infected NPM project would download malware to the machine that (unsurprisingly) stole your data. TeamPCP seems to have been inspired by the North Korean government, or the ALPHV ransomware group, because instead of stealing data to their server they store it on the blockchain ... making it virtually impossible to take down.

LiteLLM takes place somewhere between Trivy and CanisterWorm. As of this writing the exact way TeamPCP got access to LiteLLM is unknown, however it's heavily speculated it is from Trivy. TeamPCP also stated very bluntly they got access from Trivy but ... they could also be lying. This may come as a surprise, but sometimes criminals lie to cover their tracks.

The LiteLLM infection though was a few more degrees amplified than the previous stuff. The LiteLLM infection also attempts lateral movement by automating Kubernetes stuff. The LiteLLM infection also steals a ton more data than the previous stuff. Here is the big ass list of stuff it steals:
- SSH keys
- AWS credentials and configurations
- GCP credentials and configurations
- Azure environment variables
- Kubernetes credentials and configurations
- Environment configurations
- Shell history
- Git credentials and configurations
- Docker credentials and configurations
- Database instances
- IaC / CI/CD
- SSL private keys
- Solana keys
- Crypto wallets
- VPN credentials and configurations
- Hashicorp Vault (?)
- NPM configurations
- SMTP credentials

TeamPCP is unironically putting in big moves. What makes them unusual is how profoundly aggressive they are. It isn't uncommon for Threat Actors to attempt things like this, but TeamPCP is doing something more akin to "smash and grab" rather than "stay silent and watch".
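The pull_request_target step in the post above is the part worth turning into a check. A workflow triggered by pull_request_target runs the workflow file from the base branch, with the base repository's secrets and a write-capable GITHUB_TOKEN, even for a PR from a fork; that is safe only as long as the job never checks out and executes the PR author's code. The script below is an added example, not code from the post, from Trivy or from Aqua Security: it scans workflow text for that trigger combined with a checkout of the PR head and with secrets references, and ranks the result. The three workflow strings are constructed for illustration (they are not Trivy's real workflow files), and the regexes are a triage heuristic rather than a YAML parser.

```python
"""Triage check for the pull_request_target + untrusted-checkout pattern.

Added example, not code from the post, from Trivy or from Aqua Security.
The workflows below are constructed for illustration and the regexes are a
heuristic, not a full GitHub Actions parser (assumptions, not project code).
"""
import re
from pathlib import Path

# Constructed: privileged trigger (pull_request_target) plus a checkout of the
# PR author's commit, then a build step that has a repository secret in scope.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
"""

# Constructed: same trigger, but it never checks out or runs PR code; it only
# labels the PR, which is the kind of job pull_request_target exists for.
HARDENED_WORKFLOW = """\
name: triage
on:
  pull_request_target:
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
"""

# Constructed: plain pull_request trigger; fork PRs get no secrets here.
SAFE_WORKFLOW = """\
name: ci
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
"""

PRT_RE = re.compile(r"\bpull_request_target\b")
# Expressions that put the PR author's files onto the runner.
HEAD_RE = re.compile(r"github\.(event\.pull_request\.head\.(sha|ref)|head_ref)\b")
SECRETS_RE = re.compile(r"\$\{\{\s*secrets\.")


def audit_workflow(text: str) -> dict:
    """Classify one workflow file's text: flags, severity and human-readable reasons."""
    prt = bool(PRT_RE.search(text))
    head = bool(HEAD_RE.search(text))
    secrets = bool(SECRETS_RE.search(text))
    reasons = []
    if prt:
        reasons.append("triggers on pull_request_target: runs with base-repo secrets "
                       "and a write-capable GITHUB_TOKEN")
    if prt and head:
        reasons.append("checks out the PR head: attacker-controlled code runs in that context")
    if prt and secrets:
        reasons.append("references secrets.* in the same workflow")
    severity = "high" if (prt and head) else "medium" if prt else "none"
    return {"pull_request_target": prt, "checks_out_pr_head": head,
            "uses_secrets": secrets, "severity": severity, "reasons": reasons}


def audit_repo(root: str) -> dict:
    """Run audit_workflow over every .github/workflows/*.yml|yaml under root."""
    return {str(p): audit_workflow(p.read_text(encoding="utf-8"))
            for p in Path(root).glob(".github/workflows/*.y*ml")}


if __name__ == "__main__":
    for name, wf in [("vulnerable", VULNERABLE_WORKFLOW),
                     ("hardened", HARDENED_WORKFLOW),
                     ("safe", SAFE_WORKFLOW)]:
        result = audit_workflow(wf)
        print(f"{name}: severity={result['severity']}")
        for reason in result["reasons"]:
            print(f"  - {reason}")
```

A "high" hit is the shape the post describes: the fix is either to drop the PR-head checkout from the privileged workflow, or to split the job so that an unprivileged pull_request workflow builds and tests the untrusted code and a separate workflow_run job, which never executes PR content, does the part that needs secrets. A "medium" hit still deserves a look, since any later step that reads PR-controlled input (branch names, titles, files fetched by hand) reopens the same hole.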
Keith@gnukeith·
🫪🫪🫪🫪🫪🫪🫪🫪
Moneroon retweeted
Keith@gnukeith·
Sophie Wilson co-designed the ARM (Acorn RISC Machine) processor architecture in the 1980s. ARM powers the vast majority of smartphones, tablets, embedded devices, and many other systems today.

Martine Rothblatt founded Sirius Satellite Radio (now SiriusXM), pioneering satellite-based digital audio broadcasting and related communications tech. She holds patents in satellite systems, global portable internet via low-Earth orbit, and navigation.

Mary Ann Horton was a key architect of Usenet (one of the earliest decentralized computer networks and a direct precursor to modern internet forums and discussion systems). She invented uuencode, the method that enabled binary file attachments in email and early online systems. Horton also contributed to Berkeley UNIX, which helped expand early internet infrastructure.

Lynn Conway, while at IBM in the 1960s, invented generalized dynamic instruction scheduling (a form of out-of-order execution), a foundational technique still used in nearly all modern high-performance CPUs to boost speed and efficiency.

I don't give a fuck about your political opinion but the trans community is awesome and has been a HUGE contributor to tech.
Moneroon retweeted
❄️ winter ❄️@_winter_wonders·
this outrage seems quite stupid and misguided. systemd is not enforcing age verification, they are adding a possible optional and unverified way for distros to signal user age to apps. this is a legal requirement in some jurisdictions now. all distros, whether they're running systemd or not, will have to choose whether they're going to do some kind of bare minimum compliance with these laws or to simply explicitly prohibit their use in affected jurisdictions.

people seem to think systemd is giving your ssn to palantir or something when it's pretty fucking obvious that the thing they're building in is the only privacy preserving way to comply with this garbage. if you, as a distro or whatever, want to not commit crimes in these jurisdictions you will have to use shit like this. Devuan isn't going to be a legal alternative, it's just going to be crimes. or alternatively, if Linux as a whole took a hard step against this shit you would need to swap to windows or apple where they actually would just give your ssn to palantir.

it's an awful situation for privacy, but the people complaining about systemd's implementation seem to be under the impression that laws just disappear if you decide to ignore them. fight for a world where this isn't required, but in the meantime, this is your best bet.

and like birthday? the userdb already contains far more sensitive information than this. this is a fuckin stupid hill to die on imo
nixCraft 🐧@nixcraft

systemd lost the plot a long time ago. they stopped following the Unix philosophy and now they're busy adding nonsense like age verification. Just like Firefox, systemd doesn't understand its core user base. There are plenty of distros without systemd

Moneroon@moneroon·
@assuka_ Yeah, pretty much. The price tag isn't nice, especially when the DIY options out there are several hundred bucks cheaper.
assuka@assuka_·
@moneroon isn't it just an ultrasonic microphone blocker that costs 1k though? It looks awesome but… that price tag
Pirat_Nation 🔴@Pirat_Nation·
Colorado's Senate Bill 26-051 would require operating systems like Windows or Linux to include age verification during initial device setup. Introduced by Sen. Matt Ball and Rep. Amy Paschal, the bill mandates that OS providers prompt users or parents to enter a birth date or age during account creation. The bill remains pending, with a committee hearing scheduled for February 24, 2026. If passed, the requirements would apply to new device setups starting January 1, 2028.
Theo - t3.gg@theo·
Is it too late to start a podcast?
Moneroon retweeted
Obscura: The Privacy-first VPN@obscuravpn·
Happy Valentine's Day! Are you single? Watching anime alone tonight? Still using that lame VPN? Well we can fix one of these problems, if you use the code 'noonelikesnordvpn15' you get 15% off your Obscura sub.
Keith@gnukeith·
How long till I can run Opus 4.6 locally on my phone?
Moneroon@moneroon·
It's that time of the year again
Moneroon retweeted
LiterallyMeCats@literallymecats·
[image]