Oddbean new post about | logout
0xtr | 11 months ago (raw) | export | reply | flag +5 
 Ledger patched a vulnerable library in their Connect Kit today. Summary from someone on Elons app:

1. They are loading JS from a CDN.
2. They are not version locking loaded JS.
3. They had their CDN compromised.

https://i.nostr.build/M8Ad.png
franzap | 11 months ago (raw) | root | parent | reply | flag 
 Security blunder one after the other.  How do people still trust Ledger

nostr:note1envyaxq4sdy8fetssv6fvnsfdxenujuvtpg8xwl8gp4gax8mpjzs59geza