Detect pressed keys via microphone audio capture in real-time. Uses training data captured by typing first. Very neat!
github.com/ggerganov/kbd-…
Based on ideas in this classic traffic analysis paper: "Timing Analysis of Keystrokes and Timing Attacks on SSH" people.eecs.berkeley.edu/~daw/papers/ss…
🤩 Exciting news! I'm ready to share the project I've been working on for the past 2 months.
✨ Wormhole – the fastest way to send files ✨
Wormhole lets you share files with end-to-end encryption and it's super fast.
Send a file in just 2 seconds: wormhole.app
I wish more developers understood the constant stream of malware that is posted to npm, PyPI, and all package managers...
Here's just a taste of some crazy malware Socket identified in the past couple weeks...
All malware descriptions were FULLY WRITTEN by Socket AI.
🙌 Just released a CLI tool called `thanks` to help you thank the open source maintainers you depend on! ✨
1. Run 'npx thanks' in your project
2. See which of your dependencies are seeking donations! 💸
🌟 Open source authors, add yourself to the list: github.com/feross/thanks
Irresponsible post. End-to-end encryption works precisely because it assumes untrusted infrastructure.
Whether Signal runs on AWS, GCP, or their own servers doesn’t matter -- the math does. Every Wi-Fi hotspot, ISP, and backbone in between is untrusted by design.
🚨 The Express.js repo got swamped with spam PRs thanks to a YouTube tutorial gone wrong. Hundreds of low-effort contributions flooded in, creating chaos for maintainers.
Some called it an "attack on open source", as pages of "UTTER GARBAGE" piled up in the Express.js project.
The `xz` package backdoor is just the tip of the iceberg.
There's a CONSTANT low-level stream of malware and spyware being uploaded to npm, PyPI, and Go registries.
I want to share a few examples from the 20,000+ malicious packages we detected so far:
🚨 Major active supply chain attack just hit npm.
Popular package @ctrl/tinycolor was trojanized — and it didn’t stop there. Over 40 packages were silently modified to steal secrets from dev machines & CI pipelines.
Our team at Socket caught it. Full report coming soon. Stay
"someone transferred ~0.05 BTC (currently ~$900), paying 0.01 BTC in fees (currently ~$180)
and the network burned enough electricity for that single transaction to drive a Model S well over 1000km, or power an average house in Germany for about a month"
– @dcposch