[1] https://learn.thinkdiffusion.com/bria-ai-for-background-remo...
I would say that the "more secure way" is to just use ComfyUI without installing any obscure nodes from unknown developers. You can do pretty much anything using just the default nodes and the big node packs.
Today's capture (before the repo got 404'd) has their belligerence spiel. https://web.archive.org/web/20240609135118/https://github.co...
This is the capture from 3 days prior: https://web.archive.org/web/20240525021402/https://github.co...
The author of the repo is claiming that their repo is hacked, but this is an obvious lie, because their very first GitHub commit is the one where they push the malware. Nobody would hack an empty GitHub account.
I don't know if the author of the repo is lying when they say that Nullbulge is behind the attack (perhaps the author is part of Nullbulge, perhaps not).
According to the original report, the “key logger” was in the custom wheels in the requirements.txt, but looking at that repository there have been only two commits, which according to Reddit both had malicious code in them.
Of course, proper discovery would be easier if the GitHub account still existed.
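The comment above points at custom wheels referenced from requirements.txt as the delivery vehicle. The following is an added example (not code from the thread or from any project discussed in it) that audits a requirements file for entries that pull code from somewhere other than the package index: alternate index URLs, direct wheel or archive references, local files, VCS checkouts, and unpinned versions. The sample file and every host in it are constructed for the example.

```python
"""Audit a pip requirements.txt for entries that fetch code from somewhere
other than the package index: direct wheel URLs, local wheel files, VCS
checkouts and alternate indexes. Added example, not from the thread or any
project in it; the sample file and all hosts in it are constructed."""

import re

# pip options that redirect where packages are resolved from.
INDEX_OPTIONS = ("-i", "--index-url", "--extra-index-url", "-f", "--find-links")
NESTED_OPTIONS = ("-r", "--requirement", "-c", "--constraint")
# PEP 508 direct reference "name @ url", bare URL, or a filesystem path.
DIRECT_RE = re.compile(
    r"^(?:[A-Za-z0-9._-]+\s*@\s*)?(?:[a-z][a-z0-9+.-]*://|\./|\.\./|/|[A-Za-z]:\\)", re.I)
ARCHIVE_RE = re.compile(r"\.(whl|tar\.gz|zip)$", re.I)
# Exactly pinned "name[extras]==version [; marker]".
PINNED_RE = re.compile(
    r"^[A-Za-z0-9._-]+(\[[A-Za-z0-9,._ -]*\])?\s*==\s*[A-Za-z0-9.+!*-]+\s*(;.*)?$")
VCS_RE = re.compile(r"^(?:[A-Za-z0-9._-]+\s*@\s*)?(git|hg|svn|bzr)\+", re.I)


def classify_line(line: str):
    """Return a reason the line needs review, or None if it looks fine."""
    s = line.split("#", 1)[0].strip()            # drop comments and whitespace
    if not s:
        return None
    first = s.split()[0]
    opt = first.split("=", 1)[0]                 # handles --index-url=https://...
    if opt in INDEX_OPTIONS:
        return "alternate index or find-links: packages resolved outside PyPI"
    if opt in NESTED_OPTIONS:
        return "nested requirements/constraints file: audit that file too"
    if first.startswith("-"):
        return None                              # other pip options (e.g. --no-binary)
    if VCS_RE.match(s):
        return "VCS checkout: installs whatever the remote serves at install time"
    if DIRECT_RE.match(s) or ARCHIVE_RE.search(first):
        return "direct file/URL reference: bypasses the index entirely"
    requirement = s.split(" --")[0].strip()      # strip per-line options like --hash
    if not PINNED_RE.match(requirement):
        return "not pinned to an exact version (pin and add --hash)"
    return None


def audit_requirements(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, line, reason) for every line that needs review."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        reason = classify_line(line)
        if reason:
            hits.append((n, line.strip(), reason))
    return hits


# Constructed sample; hostnames use the reserved .invalid TLD and the hash is
# a placeholder, not a real digest.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt for the example
numpy==1.26.4
requests==2.31.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
pillow>=10.0
--extra-index-url https://mirror.example.invalid/simple
openai @ https://files.example.invalid/openai-1.16.2-py3-none-any.whl
./wheels/anthropic-0.21.3-py3-none-any.whl
git+https://git.example.invalid/someone/helper.git#egg=helper
"""

if __name__ == "__main__":
    for lineno, line, reason in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: {line}\n    -> {reason}")
```

Only the first two requirements in the sample pass: they name a version exactly, and the second also carries a `--hash`, so pip refuses anything but that artifact. Everything a reviewer should look at (the extra index, the two wheel references, the git checkout and the loose `>=` range) is reported with a reason. Pinning plus `--hash` is the cheap mitigation for the pattern the thread describes, because a wheel hosted somewhere else cannot silently replace the one the file was written against.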
There are examples like this post, but also, until recently, almost every deep learning model was literally distributed as a pickle file.
1) As the developer if you focus on hardening, you might be too late to release.
2) People downloading shiny new libs/files/programs constantly.
3) Influx of people not that versed in the basics of computer security playing around with local LLM models, image generators, etc.
Those same points (but the NodeJS/NPM version of them) are a lot of why that ecosystem is having security and reputation issues as well.
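The comment above notes that models were, until recently, distributed as pickle files. Loading a pickle executes whatever callables it references, so the defensive move is to inspect the opcode stream without loading it. This is an added example (not code from the thread or from any project in it) that uses the standard library's `pickletools.genops` to list every global a pickle would import, and checks it against an allowlist. The allowlist contents are an illustrative assumption for a plain PyTorch/numpy checkpoint, and the three sample streams are constructed.

```python
"""Static scan of a pickle stream for the globals it would import on load.
Added example, not from the original thread or any project mentioned in it.
The allowlist below is an illustrative starting point, not a vetted list."""

import collections
import pickle
import pickletools

# String-pushing opcodes whose values STACK_GLOBAL consumes (module, then name).
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

# Illustrative allowlist of (module, qualname) pairs a plain PyTorch/numpy
# checkpoint legitimately references. Assumption for the example; extend it
# per model format you actually accept.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("numpy.core.multiarray", "_reconstruct"),
    ("numpy", "ndarray"),
    ("numpy", "dtype"),
}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """List every (module, name) the pickle would import, without loading it.

    pickletools.genops only disassembles the opcode stream; unlike
    pickle.loads it never imports modules or calls anything.
    """
    found: list[tuple[str, str]] = []
    recent: list[str] = []  # recently pushed strings, consumed by STACK_GLOBAL
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":          # protocols 0-3: argument is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module and name come from the stack
            if len(recent) >= 2:
                found.append((recent[-2], recent[-1]))
        elif op.name in _STRING_OPS:
            recent.append(arg)
    return found


def suspicious_globals(data: bytes) -> list[tuple[str, str]]:
    """Globals outside the allowlist; a non-empty result means do not load."""
    return [g for g in referenced_globals(data) if g not in ALLOWED_GLOBALS]


# Constructed samples. The third is a hand-written protocol-0 stream whose
# REDUCE would call os.system on load; it is only disassembled here.
BENIGN_PICKLE = pickle.dumps({"weights": [0.5, -1.25], "epoch": 3}, protocol=4)
BY_REFERENCE_PICKLE = pickle.dumps(collections.OrderedDict, protocol=4)
CODE_EXEC_PICKLE = b"cos\nsystem\n(S'echo hello'\ntR."

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_PICKLE),
                        ("by-reference", BY_REFERENCE_PICKLE),
                        ("code-exec", CODE_EXEC_PICKLE)]:
        print(f"{label}: imports {referenced_globals(blob)}; "
              f"flagged {suspicious_globals(blob)}")
```

The scan covers both encodings a pickler can use for a global reference (the older `GLOBAL` opcode and the protocol 4 `STACK_GLOBAL` form), so it reports the same thing for an old checkpoint and a freshly written one. Gating a load on an empty `suspicious_globals` result is the check; formats such as safetensors avoid the problem by not carrying code at all.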
#1 users are responsible for looking after their privacy. If you are using applications that don’t allow this, you need to reject the use of those applications.
#2 this needs to start happening in mass numbers. People need to rise up against these crazy corporate tech companies and their bull
https://www.techrepublic.com/article/how-to-fix-the-docker-a...
Hobbit jokes aside, yes, it pokes holes in the firewall on the machine hosting docker. It generally creates a lot of firewall rules to isolate or permit traffic to/from containers and expose ports.
Your "safest" bet is probably to only expose docker containers on the localhost interface, and use a reverse proxy (Nginx/Traefik/etc) to expose services. At least that's how I did it when I last ran Docker a few years ago.
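The difference the comment above describes comes down to the host address in a port publication: `8080:80` binds on every interface, `127.0.0.1:8080:80` only on loopback. The following is an added example (not code from the thread or from any project in it) that parses the short port syntax used by `docker run -p` and compose `ports:` entries and reports which mappings would be reachable from the network. The two port lists are constructed; the port numbers are arbitrary.

```python
"""Classify Docker published ports by the host interface they bind to.
Added example, not from the thread or any project in it. Parses the short
form used by docker run -p and compose ``ports:`` entries:
``[host_ip:][host_port:]container_port[/protocol]``."""

import ipaddress


def classify_port_mapping(mapping: str) -> dict:
    """Break a port mapping into its parts and say where it is reachable from."""
    spec = mapping.strip()
    proto = "tcp"
    if "/" in spec:
        spec, proto = spec.rsplit("/", 1)
    if spec.startswith("["):                      # bracketed IPv6 host address
        end = spec.index("]")
        parts = [spec[1:end]] + spec[end + 1:].lstrip(":").split(":")
    else:
        parts = spec.split(":")
    if len(parts) == 1:                           # "80": ephemeral host port, all interfaces
        host_ip, host_port, container_port = "", "ephemeral", parts[0]
    elif len(parts) == 2:                         # "8080:80": all interfaces
        host_ip, host_port, container_port = "", parts[0], parts[1]
    elif len(parts) == 3:                         # "127.0.0.1:8080:80"
        host_ip, host_port, container_port = parts
    else:
        raise ValueError(f"unrecognised port mapping: {mapping!r}")

    if host_ip == "":
        exposure = "all interfaces"               # Docker's default host address is 0.0.0.0 / ::
    else:
        addr = ipaddress.ip_address(host_ip)
        if addr.is_loopback:
            exposure = "localhost only"
        elif addr.is_unspecified:
            exposure = "all interfaces"
        else:
            exposure = "specific interface"
    return {"host_ip": host_ip or "0.0.0.0", "host_port": host_port,
            "container_port": container_port, "protocol": proto,
            "exposure": exposure}


def externally_reachable(mappings) -> list[str]:
    """Return the mappings that would answer on a non-loopback interface."""
    return [m for m in mappings
            if classify_port_mapping(m)["exposure"] != "localhost only"]


# Constructed compose-style port lists: the first publishes straight to the
# network, the second keeps every service on loopback for a reverse proxy.
WEAK_PORTS = ["8080:80", "5432:5432", "9000"]
HARDENED_PORTS = ["127.0.0.1:8080:80", "127.0.0.1:5432:5432", "[::1]:9000:9000"]

if __name__ == "__main__":
    for label, ports in [("weak", WEAK_PORTS), ("hardened", HARDENED_PORTS)]:
        print(f"{label}: reachable from the network -> {externally_reachable(ports)}")
```

With the hardened list, the reverse proxy is the only thing listening on the public interface and forwards to the loopback ports; the containers themselves cannot be reached directly, which is the arrangement the comment describes.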
Was this the main method of GPT4 and Claude integrations for ComfyUI?
I have personally never starred anything that I use. And 90% of the open source that I use isn't on github.
I keep coming across various projects whose executables trigger antivirus programs, and I think that when those triggers happen, "it's fine, don't worry" claims need to be treated with more skepticism.
At the same time, antivirus vendors need to stop being so lazy and using strings and such that are clearly part of an open source program/library for their signatures.
I was hacking on some open source stuff targeting win32, I posted some binaries on GitHub releases, I try to share with others... People tell me it's flagged as malware. It isn't malware. What do I tell them?
I hear code signing helps the heuristics to not get it flagged, but doesn't remove it.
If people working on said software want the warnings to be taken seriously, they should work on reducing false positives.
Honestly there's quite a lot of malware that goes against those files. I wonder if there's a way to require high privilege to access chrome/firefox appdata, or just block it entirely from other apps.
Actual keyloggers tend to be rare nowadays due to them being easier to detect and the fact that in general the browser data is a more valuable target.
Magic link emails can also work, but are potentially vulnerable if you copy/paste it rather than clicking, depending on the keylogger's capability and clipboard visibility. Although the window for attack is small, it's a much more sophisticated attack that leaves more traces (good sites will reject reuse).
Second best, also use a second factor: U2F ideally, TOTP with the same caveats as magic link emails, and at the bottom of the barrel SMS which is better than nothing but known to be very flawed.
Honestly, if you are anything other than a casual user, and don't have devices with support baked in already, it's crazy not to spend ~£60 on a pair of security keys for passkey/U2F. It's not a lot of money and is just so much more secure.
If a process has the privileges to run as a keylogger, it can also grab your local SSH private keys and possibly harvest passwords and passkeys from your local password manager vault [1]. The process has local access and, since it is a key logger, presumably your master password. (The complexity depends a bit on the password manager, e.g. IIRC macOS keychain always requires a roundtrip through the secure enclave.)
Honestly, if you are anything other than a casual user, and don't have devices with support baked in already, it's crazy not to spend ~£60 on a pair of security keys for passkey/U2F. It's not a lot of money and is just so much more secure.
100% this. A secure enclave or a hardware key is the only way to keep your key material safe.
Also, app sandboxing should be the default. macOS App Store Apps are sandboxed. Unfortunately, these days the standard is still for applications to have unfettered access to a user's files.
[1] Passkeys can also be on a security key, but e.g. Yubikeys only have a small number of resident key slots and I think passkeys to most people means key material synced through iCloud/1Password/your favorite cloud.
A VM with GPU passthrough set up would be one example (although this is usually a pain to set up and I expect most people aren't doing it).
As a more user-friendly example, if you install an iOS app (local-model LLM and image generation apps exist), the sandboxing provided by the OS ought to be more than enough to prevent keyloggers, short of 0day exploits.
So, don't run stuff as root. If it needs root access, run it in a virtual machine (personally I use qubes os for this).
They have a couple of other tools hosted on HuggingFace, both having the malicious dependencies and both requiring entering API keys, namely:
"SillyTavern Character Generator": https://archive.is/gETq3 (requirements.txt: https://archive.is/xqqtA)
"Image Description with Claude Models and GPT-4 Vision": https://archive.is/6Ydgs (requirements.txt: https://archive.is/9Sp5C)
They've also posted some BeamNG mods, and were casting doubt on accusations that some other account's mod contained malware: https://archive.is/zLiaZ
That other account's reddit profile: https://archive.is/r9V1M
If you download code off some unknown person's GitHub repo, you'd be stupid not to read it very very carefully!
Even inspecting the code is not enough because a lot of security vulnerabilities are not obvious. Basically, security is hard, and often there are not a lot of good solutions.
Here are some tricks I have found which have helped me minimize my risk:
1) Use different machines for different purposes. Basically, you should not use 1 PC (or Mac) for everything. I have one for my finances, one for gaming, and a general-purpose PC. If one gets hacked, the others are still fine.
2) Get software from trustworthy sources. Most of the major software companies are not going to ship malicious code. For open-source software, use software from popular projects which have a good reputation.
3) Ask yourself why someone is providing this software. Is it for money? Are they creating it because they enjoy it? How do they support themselves? For example, Google's business model is building a dossier on people so it can deliver ads they are more likely to click on. When Google gives you something for "free", they will probably use it to track you, or track visitors to your website.
4) Support the people who build the software you use. If it's commercial software, pay for it, do not pirate it. If it's open source, donate time or money to the projects you use. Also, thank the people who work on the software, and ALWAYS treat them with respect.
5) Avoid pirated software, software from "free" porn web sites, etc. People who provide illegal software, or sketchy software are probably willing to put back doors in it.
On this topic, how much should a person trust central repositories of well-known operating system distributions (e.g. Arch, Debian)? I know only trusted people can upload to them, and the only time I've ever heard of malware slipping past them was XZ, but I don't know how much care they take.