Running Claude Code Securely in Docker with VSCode Dev Containers

2025-07-13

The author shares their experience transitioning from a less secure AI coding setup to running Claude Code in a Docker container using VSCode's Dev Container feature. Highlighting the security risks of running AI agents directly on the local machine, the author advocates for the isolated environment provided by Docker, which limits Claude Code's access to the filesystem. A detailed setup guide is provided, covering how to create a devcontainer.json file and use fine-grained access tokens for GitHub, so that readers can easily replicate the setup.

Development

Tracking Leaked Location Data from Mobile Apps: A Python-Powered Citizen Science Project

2025-04-18

Following up on a previous post exposing how mobile apps share location data through ads, the author shares a faster, more scalable method using mitmproxy and Python. This allows users to record app traffic and filter for requests containing sensitive data like location information using custom keywords. A GitHub repo with a detailed guide and Python notebook is provided for participation. A crowdsourced spreadsheet collects observations on data sharing behaviors of various apps, encouraging a citizen science effort to uncover app data privacy issues.

Tech

GitHub Repo Scam: Thousands of Malicious Repositories Discovered

2025-02-28

A security researcher uncovered a massive scam leveraging GitHub to distribute malware. Thousands of repositories, disguised as game mods, cracked software, and other enticing downloads, were created to steal user data. Upon execution, these malicious programs collect sensitive information—crypto wallet keys, bank account details, social media credentials—and send it to a Discord server. Analyzing a detailed guide on creating these scam repositories, the researcher identified 1115 potentially malicious repositories, with fewer than 10% showing open issues with complaints. The malware, identified as Redox, systematically gathers various data points from the victim's computer and transmits them to a Discord webhook. This case highlights the scale and sophistication of cybercrime and underscores the need for enhanced security measures on platforms like GitHub.

I Tracked Myself Using Leaked Geolocation Data: A Shocking Experiment

2025-02-02

A recent geolocation data leak from Gravy Analytics exposed over 2000 apps secretly collecting location data, often without developers' knowledge. To investigate, I installed a single game and used Charles Proxy to monitor network traffic. Even with location services disabled, the game leaked my approximate location and IP address via Unity Ads, Facebook, and other ad platforms. The data included surprisingly granular details like screen brightness and memory usage. Further investigation revealed the ease of purchasing datasets linking identifiers to personal information, enabling precise location tracking. This experiment highlights the alarming scale of data leakage in the mobile advertising ecosystem and the significant risks to user privacy.
