From postalcoder in news.ycombinator.com/item?id=4758...:

~/.config/uv/uv.toml
    exclude-newer = "7 days"

~/.npmrc
    min-release-age=7
    ignore-scripts=true

~/Library/Preferences/pnpm/rc
    minimum-release-age=10080

~/.bunfig.toml
    [install]
    minimumReleaseAge = 604800

Posts by Chapin Bryce
The compromise of Axios is another reminder to configure your package manager to use a minimum release age.
Not a perfect solution but provides folks a few days to catch and respond to a supply chain attack.
Great talk on making your reverse shells disappear using rootkits by Asritha from the UMass Cyber Security Club at BSides CT this morning
The BSides CT conference badges are 😎
Nancy on Norwalk
Save the Date! Sept. 4 NancyOnNorwalk Democratic Primary Mayoral Debate
Join us as Democratic Primary candidates Barbara Smyth and Darlene Young answer questions and share their vision for the future of Norwalk. Mark Berns,...
This is really tough news for the “I want to legally break the law” speeding crowd
www.ctpost.com/news/article...
Nancy on Norwalk
Norwalk Tree Alliance, Courville Nurseries launch free tree giveaway
NORWALK, Conn. — The Norwalk Tree Alliance has partnered with Courville Nurseries to give away free trees to residents in an effort to cool city streets and...
"They [staffers in the governor's office] reported that much of the opposition came from Fairfield County residents who appeared not to have read the actual bill."
ctmirror.org/2025/08/18/c...
GitHub Copilot is useful for asking questions about a repository you’re evaluating. “What network requests does this package make? Show me where in the code” “Does this package read any envars or configuration data?”
“Malware doesn’t go ‘boom!’” in the context of NPM package malware. It may perform the stated capabilities, but carries out its objective quietly. The packages follow the trends, currently focused on Vite, MCP, and Solana. Give those packages more scrutiny.
Great talk by 6mile @ DC33
“We always want to lose, that's the goal […] we want to lose during the table top so we win during the incident”
“Your table top should be designed for you to fail […] if your exercise is too easy or generic you risk being blindsided during an incident.” bsideslv.org/talks#9RELPE #BSidesLV
Excited to present Luminaut.org at #BSidesLV & #BlackHat Arsenal 2025! Our open-source tool helps incident responders quickly identify exposed cloud resources and scope shadow IT environments. From #AWS to #GCloud, get critical context in minutes
Nancy on Norwalk
Norwalk Narrows Down Locations for New Airport
NORWALK, Conn. — Residents of Norwalk may be surprised to find their city in the running for a new international airport. Funding for the project was tucked into the 2021 Bipartisan...
Make your own Jackson Pollock style art jacksonpollock.org
Announcing Luminaut! An open-source utility for triaging exposed cloud resources from the inside-out.
Check it out at: luminaut.org
Big thanks to everyone who joined our Shmoocon talk this year!
TIL about meshtastic, a protocol supporting long range mesh communication over low cost and low power devices.
Especially useful at Shmoocon, as cell reception is terrible in the conference space.
Love the pager form factor
Thrilled to speak at Shmoocon this year! We’ll be releasing and presenting Luminaut, our open-source tool for detecting exposure of cloud resources from the inside-out to uncover PoC and shadow IT environments.
www.shmoocon.org/speakers/#sh...
Ha! Though cleaning it only takes 2 min 😉
TIL a damp paper towel, dipped in ash, cleans fireplace glass surprisingly well
Nancy on Norwalk
NORWALK, Conn. — In the coming weeks, 23,000 residents will see part or all of their medical debt cancelled, Connecticut officials announced on Monday morning at the state Capitol. The measure will erase $30 million in medical...
A little blog post and script from Stroz Friedberg for investigating Jenkins servers:
www.aon.com/en/insights/...
github.com/strozfriedbe...
30 day public comment period is open, direct link here: www.norwalkct.gov/DocumentCent...
Excited that we were able to expand childcare availability in Norwalk!
As mentioned in the discussions, I hope this enables more parents to walk their kids to daycare and have options near where they live.
www.nancyonnorwalk.com/planning-and...
Screenshot of the current outage notice, from https://status.openai.com
OpenAI has a bit of downtime this evening: status.openai.com
While podcastaddict.com is my favorite Android podcast app, overcast.fm is easily my favorite on iOS
Anyone else feel their Spotify wrapped was a summary of the songs Spotify kept forcing into your line up?