The odds that a virus scanner would have a pattern for something like
this are very low indeed, so in this specific case I doubt it would make
a difference. However, excluding paths for any reason leaves an aperture
open that could be exploited.
The targeted attacks I've seen are amazingly spe
No, because it targets the project folders and the build artifacts,
not the NetBeans JARs themselves.
--emi
On Fri, May 29, 2020 at 11:33 PM Juan Algaba wrote:
>
> I wonder if excluding netbeans from antivirus scanning (for performance
> reasons), but not the project folders, make you more at r
I wonder if excluding netbeans from antivirus scanning (for performance
reasons), but not the project folders, make you more at risk to something
like this?
On Fri, May 29, 2020 at 12:40 PM Alan
wrote:
> The malware is oddly focused. I suspect a specific group was being
> targeted. If eventually
The malware is oddly focused. I suspect a specific group was being
targeted. If eventually GitHub releases the project names that might
provide a clue.
On 2020-05-29 15:30, Emilian Bold wrote:
so I guess this is all just about me. :-)
Hehe.
Still, they worked too much to target Ant and Net
> so I guess this is all just about me. :-)
Hehe.
Still, they worked too much to target Ant and NetBeans. I think the
Gradle wrapper is a much easier target and developers will run
./gradlew without a 2nd tought.
--emi
On Fri, May 29, 2020 at 10:25 PM Geertjan Wielenga wrote:
>
>
> Sure, thos
Sure, those are simply Ant files.
I also wonder about the 26 open source projects they refer to on GitHub,
without naming them, where this problem was encountered. I have about that
number of NetBeans projects in my GitHub repo, so I guess this is all just
about me. :-)
Gj
On Fri, 29 May 2020 at
Seems near-impossible for this to actually be in the wild.
According to
https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain
macOS developer machines seem unaffected. For Linux / Windows
developer machines look for:
* nbproject/cache.dat files
* $HOME/.local/s
The malware explicitly targets NetBeans:
The malware is capable of identifying the NetBeans project files and embedding
malicious payload both in project files and build JAR files. Below is a high
-evel description of the Octopus Scanner operation:
• Identify user's NetBeans directory
On 5/29/20 2:16 PM, Geertjan Wielenga wrote:
It seems to be saying that a build system that uses Apache Ant can be
poisoned by malware. That probably is equally true for Gradle and
Apache Maven — so I don’t understand why they’re picking on Ant.
Probably because Ant was the standard in Net
It seems to be saying that a build system that uses Apache Ant can be
poisoned by malware. That probably is equally true for Gradle and Apache
Maven — so I don’t understand why they’re picking on Ant.
Gj
On Fri, 29 May 2020 at 21:09, Peter Steele wrote:
> Hi
>
> Saw this
>
>
> https://www.zdnet
Hi
Saw this
https://www.zdnet.com/article/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/
Do we know anything more about this?
Yes, I can confirm.
There is a bug on Tomcat launch with previous version of NB, at least
version 11.
It works fine with version 12 beta.
On Wed, 27 May 2020 at 07:42, Geertjan Wielenga wrote:
>
> Can you try this scenario with 12.0 Beta 5? There has been a recent fix in
> this area.
>
> bit.ly/
What is the intended use of the "Runtime Platform" drop down in the project
properties of an Ant project?
The only option it shows is "Project Platform", even though I have multiple
JDKs configured in the IDE.
The "Manage Platforms" button next to the dropdown simply takes me to the "Java
Platf
Hello,
I have weird icons with the Flat LAF:
[image: image.png]
this happens sometimes like 2 times out of 5 at the start.
And sometimes when restarting it is back again at normal without doing
anything:
[image: image.png]
Here is my System infos:
*Product Version:* Apache NetBeans IDE 11.3
*
14 matches
Mail list logo
