🚨 If you use Bitwarden, please immediately read: https://socket.dev/blog/bitwarden-cli-compromised
-
@thomasfuchs I feel adding "CLI" is a pretty important distinction here so as not to cause undue stress to BW users (of which I am one, including the CLI!). We don't know if they've been further compromised... yet.
@Odaeus @thomasfuchs
I agree. I am scouring the article to find out whether passwords have been compromised. Couldn't they just lead with that? I had to look up what a "CLI" is. Even after finding the definition, it only made things more confusing.
By the way, CLI = Command Line Interface, in case that helps anyone besides me.
I try to do for initialisms and acronyms what alt text does for images.
-
@thomasfuchs I'm grateful that the version in Arch is apparently a couple of releases behind... but that was pretty scary for a moment.
-
@shansterable @thomasfuchs in this case, "Bitwarden CLI" is the name of the product from Bitwarden that was compromised. The message should be that if you don't know what it means you don't need to worry! Relatively few BW users use it.
Even for those few people who have been compromised by using the infected version, current indications are that their vault was not specifically leaked because of the way the virus works. However, if they are a programmer (likely, given the specialist nature) then they now have a serious issue as it leaks sensitive data that it finds.
Techies are concerned about this because it is a big red flag around BW's processes and could indicate they have also been compromised internally by their own tool. They say they've found no evidence of this though: https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127
-
@Odaeus
Thank you. My husband uses Bitwarden and I was worried. Especially since it took me years to convince him to use a password vault because he doesn't trust them.
-
@shansterable you're welcome, I'm still working on getting mine to use it!