franzap on Nostr: Security blunder one after the other. How do people still trust Ledger ...
Security blunder one after the other. How do people still trust Ledger
Ledger patched a vulnerable library in their Connect Kit today. Summary from someone on Elons app:
1. They are loading JS from a CDN.
2. They are not version locking loaded JS.
3. They had their CDN compromised.
Published at
2023-12-14 15:17:59Event JSON
{
"id": "104d36d3f099c7b66e852c424a16d28e8d3381ec4d8d4a069820f8bfe05482ae",
"pubkey": "726a1e261cc6474674e8285e3951b3bb139be9a773d1acf49dc868db861a1c11",
"created_at": 1702567079,
"kind": 1,
"tags": [
[
"e",
"ccd84e9815834874e5708334964e0969b33e4b8c5850733be7406a8e98fb0c85",
"",
"mention"
]
],
"content": "Security blunder one after the other. How do people still trust Ledger\n\nnostr:note1envyaxq4sdy8fetssv6fvnsfdxenujuvtpg8xwl8gp4gax8mpjzs59geza ",
"sig": "195ee1523c335d600c771a4fe96603ef703ef4dccdd9e76f81fc9dcb95f68d37d7f06163c7eab4e8ecfad131a4ab232757b54e546364e94c55fffdf6550e7b94"
}
