Eli5
Technology
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
VS Code has an optional feature that can allow remote access, which could be [used/abused] to [access/breach] otherwise secure networks. Because the executable is signed by Microsoft, it won't be flagged as malicious by antivirus/malware scanners even though it could easily be used as such. The article shows the steps the author attempted to detect and block this tunnel functionality, with limited success.
I don't really get this article to be honest.
An attacker doesn't need vscode to expose your closed off network, there are many more terminal tools that can be used for various kinds of attacks, especially if the attacker can smuggle in his own executables, as it's assumed in the post.
Neither do I like Microsoft nor vscode but to me it looks like the tunnel thingy can (and definitely should) be blocked off easily and it seems to be even documented by Microsoft.
This seems similar to an ssh session, but ssh has great authentication and authorization parameters that can be setup. Whereas code.exe is left open.
So why is this getting down voted. Seems like a valid concern.
I think it's getting down-voted purely because OP's title is essentially "mIcRo$oFt bAd!" instead of describing the issue. It's not getting down-voted anywhere else this article was cross-posted to, where they used the article's actual title.
Also weirdly there's no info on how this new tunnel thing is different to the ssh explorer extension (made by MS)