Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
git.justos.info/justos/riseup-vpn
Install dependencies:
# make depends
Build the systray:
$ git clone 0xacab.org/leap/bitmask-vpn && cd bitmask-vpn
$ make build
You need at least go 1.11. If you have something older and are using ubuntu, you can do:
make install_go
For other situations, have a look at https://github.com/golang/go/wiki/Ubuntu or https://golang.org/dl/
Using homebrew:
$ git clone 0xacab.org/leap/bitmask-vpn && cd bitmask-vpn
$ make depends
$ make build
Building the systray in linux will produce some -Wdeprecated-declarations
warnings, like that:
cgo-gcc-prolog: In function ‘_cgo_3f9f61f961c9_Cfunc_gtk_font_button_get_font_name’:
cgo-gcc-prolog:5455:2: warning: ‘gtk_font_button_get_font_name’ is deprecated [-Wdeprecated-declarations]
In file included from /usr/include/gtk-3.0/gtk/gtk.h:106:0,
from ../../../go/src/github.com/gotk3/gotk3/gtk/gtk.go:48:
/usr/include/gtk-3.0/gtk/gtkfontbutton.h:96:23: note: declared here
const gchar * gtk_font_button_get_font_name (GtkFontButton *font_button);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
They are expected and don't produce any problem on the systray.
The default build is a standalone systray. It still requires a helper and openvpn installed to work. For linux the helper is bitmask-root for windows and OSX there is a helper written in go.
To build and run it:
$ make build
$ build/bin/bitmask-vpn
Is also posible to compile the systray to use bitmask as backend:
$ go build -tags bitmaskd
In that case bitmask-systray assumes that you already have bitmaskd running. Run bitmask and the systray:
$ bitmaskd
$ build/bin/bitmask-vpn
When a string has being modified you need to regenerate the locales:
$ make generate_locales
To fetch the translations from transifex and rebuild the catalog.go (API_TOKEN is the transifex API token):
$ API_TOKEN='xxxxxxxxxxx' make locales
There is some bug on gotext and the catalog.go generated doesn't have a package, you will need to edit
cmd/bitmask-vpn/catalog.go and to have a package main
at the beginning of the file.
If you want to add a new language create the folder locales/$lang
before running make locales
.
When you report an issue include the following information:
/home/<your user>/.config/leap/bitmaskd.log
& /home/<your user>/.config/leap/systray.log
/Users/<your user>/Library/Preferences/leap/systray.log
, /Applications/RiseupVPN.app/Contents/helper/helper.log
& /Applications/RiseupVPN.app/Contents/helper/openvpn.log
C:\Users\<your user>\AppData\Local\leap\systray.log
, C:\Program Files\RiseupVPN\helper.log
& C:\Program Files\RiseupVPN\openvp.log
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.