Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Microsoft CAN do it right!
- Date: Sun, 28 Sep 2025 10:32:09 +0200
- From: Christian Horn <chorn@example.com>
- Subject: Re: [tlug] Microsoft CAN do it right!
- References: <CB23F6DE-6D2A-4E11-B6CA-E69757C2EE5B@osburn.com> <a9587fd4-6e28-42fa-8f72-27e161321e68@email.android.com>
- User-agent: Mutt/2.2.13 (2024-03-09)
On 28 Sept 2025 10:37, osburn <tim@example.com> wrote: > Here is one example :) > https://www.koi.security/blog/postmark-mcp-npm-malicious-backdoor-email-theft > -osburn- An interesting vector, thanks. On Sun, Sep 28, 2025 at 12:07:55PM +0900, Michael Paddon wrote: > Thanks for the interesting article link. > You have to take the hyperbole of people with something to sell with a > grain of salt. There's nothing special about MCP code. It has whatever > permissions you give it, just like any other software you install. It > doesn't magically install itself. This is where a robust software > supply chain becomes important. I was also thinking what we use to the left and to the right: browser plugins and packages from our distros can do the same as above postmark-mcp. First thing is for us to understand the attack vector, and companies to educate their employees. Also strictly using code from i.e. Debian stable or an enterprise distro could lower the chances of such surprises. The topic did not come up with AI, but its certainly a fresh attack area. Chris
- References:
- Re: [tlug] Microsoft CAN do it right!
- From: osburn
- Re: [tlug] Microsoft CAN do it right!
- From: Michael Paddon
- Re: [tlug] Microsoft CAN do it right!
- Prev by Date: Re: [tlug] Microsoft CAN do it right!
- Next by Date: Re: [tlug] Microsoft CAN do it right!
- Previous by thread: Re: [tlug] Microsoft CAN do it right!
- Next by thread: Re: [tlug] Microsoft CAN do it right!
- Index(es):