Daily Archives: 27/11/2018

The anatomy of an attack in the world of open source software

Published by:

“The secured, shared bitcoin wallet” reads the tagline of Copay. You know, that part of the entire marketing strategy of any brand that really gets printed and displayed anywhere to create a strong bond between the message itself and the brand. It also turns out that the “secure” part was not that secure recently as a NPM package vulnerability in v5.0.2-5.1.0 of Copay and BitPay Wallets was discovered few days ago. Still this post is not about Copay or BitPay. Since Copay and BitPay wallets rely on open source software I really aim to depict a timeline of what happened, what can we learn about the current state of open source software and some aspects that all players in the open source community should think about. Continue reading