Malware

[Wesley1600]

 I want to run under the assumption that you are not aware that the nodejs download link in your about page is stuffed with self replacating viruses on the Reor repo. For the time being I'll be pecking away notes about Reor the old fashioned way. Hopefully  when my friend gets back we can use a usb to wipe the entirety of my computer in a way that fixes the problem. a soft  delete and repartitioningg of the harddrive and reinstalling the OS did not kill them off.

 I wanted to offer some help polishing up the interface by knocking out the Linux window for you and offer some input and assistance with connecting your existing vector database to a 3 or 4 dimensional representation (Like Obsidian Graph View, maybe with a spare dimensions to keep it interesting) that people could use to really make it their own. Almost everybody likes the idea of having a second brain AI that shares a similiar level of relational context to their own ( The Function). But, at the end of the day, a lot of people like fiddling with knick knacs so they can feel like their emotional investment in things they understand brought the structure into being.

I'll assume you will look into the lazy opsec guy trap I fell into before too many people end up in the same boat. It's not a great look for a small operation that's beginningg to have some fierce competition in the space.

 Happy hunting, let me know when you have it resolved and if you'd be interested in the DB backend help,
               Wes

[shoegazeblues]

Wow, 2 weeks without a response doesn't bode well. Can we get some clarity on what is going on here?

Has this app ever gotten a security audit?

Can we get build instructions so that we can audit the releases?

[danyalaytekin]

@shoegazeblues The link in the about section is to Node's official domain. I don't think it will download "self replicating viruses". I hope the author will return to explain what is happening once they have replaced their computer.

[Wesley1600]

Yeah, I'm fairly confident they built the project to spread viruses through the node.js link in their read me. I ran it more intelligently the second time around and had a chance to run it in a faked network using QubesOS. The virus is designed to hang out and gather info about the system it gets into as well as port scanning other computers on the network in an attempt to spread out. Once it has passed all the data it is set up to look for it goes into self destruct mode. There are a few different kinds of scripts that multiply exponentially to create a DOS attack on any user present while writing over every bit of harddrive space through gaining root access via key logging. I suspect, tho can't really prove, that it even has the ability to lodge itself in the some motherboard hardware specific to AMD processors. It's pretty nasty stuff. I can't figure out how it could have infected my Qubes dom0 unless it was still on the motherboard. After that experiment I pulled the cmos battery long enough to be sure it couldn't persist there and I have been running an arch install since without it cropping up again. Be careful out there somebody means business. Sent from Proton Mail Android

…

-------- Original Message --------

On 12/17/24 7:29 AM, shoegazeblues wrote: Wow, 2 weeks without a response doesn't bode well. Can we get some clarity on what is going on here? Has this app ever gotten a security audit? Can we get build instructions so that we can audit the releases? — Reply to this email directly, [view it on GitHub](#493 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/BEIGUIE4LOKPW6DFNFQVJPL2GAYNVAVCNFSM6AAAAABTDFM2FKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNBYGYYTGMJQGY). You are receiving this because you authored the thread.Message ID: ***@***.***>

[samlhuillier]

Please clarify where this virus is and I will fix asap.
The nodejs link is to this https://nodejs.org/en/download which is the official page

[shoegazeblues]

Seconded, this is a serious accusation. Please post a link to the node.js runtime you're talking about.