Comment by SSLy
3 months ago
Can you post full message headers somewhere? It'd be interesting which MTA was involved in delivery from the sender's side.
3 months ago
Can you post full message headers somewhere? It'd be interesting which MTA was involved in delivery from the sender's side.
Yep - https://gist.github.com/Qix-/c1f0d4f0d359dffaeec48dbfa1d40ee...
https://mailtrap.io/contact-details/
let's see the header of interest:
what about it?
How did simply opening this email in something like Gmail or a desktop client result in it being able to compromise NPM packages under your control?
I'm just curious - and as a word of warning to others so we can learn. I may be missing some details, I've read most of the comments on the page.
I clicked the link like a genius :)
8 replies →