I've done this exact approach before. It's a good way to exfiltrate data. Post the software on GitHub Pages, or a popular CDN that co-hosts other shared libraries, and you've got a very difficult-to-block method.
Really goes to show that it's very difficult to stop a motivated and informed actor.
npm install qr-made-up-name can show a QR code in the console. How do you stop that?
If you can connect to GitHub Pages, couldn't you exfil that way? This takes 2 mins for 100KB.