wp-plugin-hostgator
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114ol-scrapes
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114Source: https:\/\/www.theverge.com\/2022\/3\/21\/22989339\/protestware-attacks-russia-sberbank-open-source<\/a> As the Russian invasion of Ukraine draws on, consequences are being felt by many parts of the technology sector, including open-source software development.<\/p>\n In a recent announcement, the Russian bank Sber advised its customers to temporarily stop installing software updates to any applications out of concern that they could contain malicious code specifically targeted at Russian users, labeled by some as \u201cprotestware.\u201d<\/a><\/p>\n As quoted in Russian-language news sites<\/a>, Sber\u2019s announcement reads:<\/p>\n Currently, cases of provocative media content being introduced into freely distributed software have become more frequent. In addition, various content and malicious code can be embedded in freely distributed libraries used for software development. The use of such software can lead to malware infection of personal and corporate computers, as well as IT infrastructure.<\/p>\n<\/blockquote>\n Where there was an urgent need to use the software, Sber advised clients to scan files with an antivirus or carry out manual review of source code \u2014 a suggestion that is likely to be impractical, if not impossible, for most users.<\/p>\n Though framed in general terms, the announcement was likely made in reference to an incident that took place earlier in March, where the developer of a widely used JavaScript library added an update that overwrote files on machines located in Russia or Belarus<\/a>. Supposedly implemented as a protest against the war, the update raised alarm from many in the open-source community, with fears that it would undermine confidence in the security of open-source software overall.<\/p>\n The update was made in a JavaScript module called node-ipc<\/a>, which, according to the NPM package manager, is downloaded around 1 million times per week<\/a> and used as a dependency by the popular front-end development framework Vue.js.<\/p>\n According to The Register<\/em>, updates to node-ipc made on March 7th and March 8th added code that checked whether the IP address of a host machine was geolocated in Russia or Belarus, and if so, overwrote as many files as possible with a heart symbol<\/a>. A later version of the module dispensed with the overwriting function and instead dropped a text file on users\u2019 desktops containing a message<\/a> that \u201cwar is not the answer, no matter how bad it is,\u201d with a link to a song by Matisyahu.<\/p>\n Although the most destructive features of the \u201cprotestware\u201d module no longer appear in the code, the consequences are harder to undo. Since open-source libraries are fundamental to software development, a general loss of trust in their integrity could have knock-on effects for users in Russia and elsewhere.<\/p>\n In a tweet<\/a>, cybersecurity analyst Selena Larson referred to it as \u201cforced insecurity\u201d; in general, the open-source community has fiercely condemned the node-ipc update<\/a> and pushed back on the idea of protest through module sabotage, even for worthy causes. <\/p>\n More broadly, the Ukraine conflict has posed difficult ethical questions to technology companies working in Russia. While many global tech leaders like Apple<\/a>, Amazon<\/a>, and Sony<\/a> have paused or halted sales in the Russian market, others remain: in a blog post from March 7th, Cloudflare CEO Matthew Prince said that the company would continue to provide service in Russia<\/a> despite calls to pull out, writing that \u201cRussia needs more Internet access, not less.\u201d<\/p>\n<\/div>\n
\n
<\/br><\/code><\/p>\n\n