htm-community / nostradamiq
[Work in progress!!!] - sensing our Worlds' disasters.
Home Page: https://nostradamiq.org
License: GNU General Public License v3.0
Is it possible to show items during loading, or do you need to parse the complete dataset first?
If possible, show a preloader and maybe show items as soon as they are parsed.
Location names are not necessary for understanding the stations, therefore maybe show them on rollover and find an icon (check linearicons icons, clean look, or fontawesome or glyphicons) to show instead of the black square.
Some slower machines/connections usually assume the app either crashed or doesn't load; a CSS preloader gives the user some feedback and will make him wait with pleasure :D
like:
Hey there! Welcome to nostradamIQ. To give you an easy experience, here are some basic tips:
If you have questions: send us a message!
sent it to the https://bugreport.apple.com
We discovered a malicious backdoor in the project's dependencies; the affected version is c9aded9c1673e6b0b166c49eae1fd2db7529392. The malicious backdoor is the request package: the nostradamIQ/demo_app/nostradamIQ/requirements.txt file has a dependency on request.
Even if the request has been deleted by PyPI, many mirror sites have not completely deleted this package, so it can still be installed. For example: https://mirrors.neusoft.edu.cn/pypi/web/simple/request/
Using such a mirror site to download and install this item will be vulnerable.
Analysis of malicious function of request package:
1. Remote download of malicious code
When the request package is installed, the setup.py file in the package will be actively executed. The setup.py file contains the logic for the attacker to remotely download and execute malicious code. At the same time, the C2 domain name is encoded and obfuscated. The decrypted C2 address is: https://dexy.top/request/check.so.
2. Release the remote control Trojan and persist it
The malicious code loaded remotely during the installation of the request package includes two functions:
- Release the remote control Trojan to the .uds folder of the current user's HOME directory. The Trojan name is _err.log (for example, /root/.uds/_err.log). The content of the _err.log remote control Trojan script is encoded and compressed by base64, which reduces the size and enhances the confrontation.
- Implant malicious backdoor commands in .bashrc to achieve persistence.
3. Issue stealing instructions
The attacker issues Python secret stealing instructions through the remote control Trojan to steal sensitive information (Coinbase account secret). After decrypting the stealing instruction, the function is to request the C2 service: http://dexy.top/x.pyx, and remotely load the stealing Trojan. Some of the functions of the remotely loaded secret stealing Trojan are shown below, which are used to steal browser cookies, Coinbase accounts and passwords, etc.
Repair suggestion: replace request in nostradamIQ/demo_app/nostradamIQ/requirements.txt with requests
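A check for the dependency problem reported above, as an added example that is not part of the original issue or the project's code: it flags the `request` name in a requirements file and looks for the `.uds/_err.log` file the report describes. The function names, the name-to-replacement table and the sample file are constructed for this illustration.

```python
import re
from pathlib import Path

# Name taken from the report above; the intended dependency is "requests".
FLAGGED = {"request": "requests"}
# Leading project name of a requirement line (PEP 508 name characters).
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def flagged_requirements(text):
    """Return (line_no, name, suggested_replacement) for each flagged entry."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].strip()        # drop inline comments
        if not line or line.startswith(("#", "-")):  # comments, pip options (-r, -e)
            continue
        m = _NAME.match(line)
        name = normalize(m.group(1)) if m else ""
        if name in FLAGGED:                          # exact name, so "requests" passes
            hits.append((line_no, name, FLAGGED[name]))
    return hits


def dropped_file(home):
    """Path of the .uds/_err.log file named in the report, if present under home."""
    candidate = Path(home) / ".uds" / "_err.log"
    return candidate if candidate.is_file() else None


# Constructed sample, not the project's actual requirements.txt.
SAMPLE = """\
# web stack
Django==1.8
requests>=2.0
request
Request[security]==1.0 ; python_version < "3"
-r other.txt
"""

if __name__ == "__main__":
    for line_no, name, fix in flagged_requirements(SAMPLE):
        print(f"line {line_no}: '{name}' is flagged; did you mean '{fix}'?")
    print("dropped file:", dropped_file(Path.home()))
```

The name is compared after normalization because pip resolves `Request`, `request` and `REQUEST` to the same package.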
For example, for promotion you will be able to send a direct link to the internet or seismic data demo.
Maybe automatically disable protection for this site?
Firefox for example automatically blocks all the content fetched from non-secure origins, but we need it.
especially on bigger screens, the scrollbar gives not necessary scrollbar :)