Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
School | Tested | VPN-Slicing |
---|---|---|
UVA | ✅ | ❌ |
FIU | ✅ | ❌ |
UFL | ✅ | ✅ |
FAMU | ❌ | ❌ |
NYU | ✅ | ❌ |
UCI | ❌ | ❌ |
GMU | ❌ | ❌ |
OleMiss | ❌ | ❌ |
SC | ❌ | ❌ |
Open any terminal (git bash, cmd, powershell) as administrator.
Python 3.12 is recommended, which can be
downloaded from the Python website. Your Python version can be checked
with the command python -V
Once confirming Python, execute:
pip install cloudmesh-vpn
To connect to the UVA Anywhere VPN, run
cms vpn connect
For other organizations, the --service
flag can be used:
cms vpn connect --service=ufl
# possible services are uva fiu ufl
Note- currently the output will be piped to the terminal
and will end in response to Ctrl + C
consider executing the following:
nohup cms vpn connect --service=ufl >/dev/null 2>&1
To disconnect from current VPN, run
cms vpn disconnect
To see info regarding your connection, run
cms vpn info
On Linux we use the command openconnect
. To check if it is available please use
$ which openconnect
If it is not available, you can install it un Ubuntu with
$ sudo apt install openssl
$ sudo apt install openconnect
$ sudo apt install network-manager-openconnect
and in case you use gnoe also:
$ sudo apt install network-manager-gnome
$ sudo apt install network-manager-openconnect-gnome
We have tested this tool only with University of Virginia, but it should be simple to adapt. Just follow the instructions to obtain the certificates from your provider.
At UVA you find the certificate and other documentation at
we place all certificates into ~/.ssh/uva
mkdir -p You will receive a file ending in .p12. In this example we will assume it is named mst3k.p12.
cd ~/.ssh/uva
wget https://download.its.virginia.edu/local-auth/universal/usher.cer
To get a certificate for your device, go to
Fill it out and get the key. You will receive a file ending in .p12. In this example we will assume it is named mst3k.p12 and place it into ~/.ssh/uva/user.p12
It is important for us to rename this key to user.p12 so we have a simpler way of identifying it and writing this documentation.
Now convert the keys and certificates with the following commands
cd ~/.ssh/uva
openssl pkcs12 -in mst3k.p12 -nocerts -nodes -out mst3k.key
openssl pkcs12 -in mst3k.p12 -clcerts -nokeys -out mst3k.crt
openssl x509 -inform DER -in usher.cer -out usher.crt
Now your UVA directory should have the following files in it.
ls ~/.ssh/uva/
user.crt user.key user.p12 usher.cer usher.crt
You can now use the cloudmesh cms vpn command.
$ pip install cloudmesh-vpn
$ cms help
To connect use
$ cms vpn connect
To show the status use
$ cms vpn connect
To disconnect
$ cms vpn disconnect
This work was in part funded by the NSF CyberTraining: CIC: CyberTraining for Students and Technologies from Generation Z with the award numbers 1829704 and 2200409.
Command vpn
===========
::
Usage:
vpn connect [--service=SERVICE] [--timeout=TIMEOUT] [-v] [--choco]
vpn disconnect [-v]
vpn status [-v]
vpn info
This command manages the vpn connection
Options:
-v debug [default: False]
--choco installs chocolatey [default: False]
Description:
vpn info
prints out information about your current location as
obtained via the vpn connection.
vpn status
prints out "True" if the vpn is connected
and "False" if it is not.
vpn disconnect
disconnects from the VPN.
vpn connect [--service=SERVICE]
connects to the UVA Anywhere VPN.
If the VPN is already connected a warning is shown.
You can connect to other VPNs while specifying their names
as given to you by the VPN provider with e service option.
FAQs
Virtual Private Network connection in the cloudmesh suite
We found that cloudmesh-vpn demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.