Is anyone vetting the security of the plugins / extensions? Kaspersky has detected a ransomware in my Windows user .cache folder after using the Dreambooth extension. #4922
Replies: 3 comments 4 replies
-
It was someone talking about downloading the Anything V3 model.
-
I have corrected myself and you are correct. But my general concerns about the safety of the plugins are still valid, wouldn't you agree? My goal is not to accuse anyone, but just to discuss this potential security issue.
------- Original Message -------
On Monday, November 21st, 2022 at 8:23 AM, GigsTheCat ***@***.***> wrote:
"A while ago, I saw someone in a thread on Reddit reporting that the IT department of his university contacted him after discovering 5 TOR connections related to his station right after he used the Dreambooth extension. Can't find the thread anymore, but it's adding to the suspicious stuff related to the Dreambooth extension."
No, what you mentioned has NOTHING to do with the dreambooth extension. It was someone talking about the Anything V3 model.
https://www.reddit.com/r/StableDiffusion/comments/yscb5e/comment/ivzlbyt/?utm_source=share&utm_medium=web2x&context=3
-
It looks like someone is working to add safetensors loading. This should stop pickles from loading malicious data, but that's just models. For extensions, only the user checks. They are extensions after all, an optional thing up to the user to check and enable.
-
Wondering if anyone is actually vetting / checking the extensions for malware and what they actually install, in detail. Like I've mentioned in the title, Kaspersky detected a ransomware file in my Windows user .cache folder after running the Dreambooth extension by d8ahazard. Also, the creator of this extension seems to be deflecting concerns about the disable-safe-unpickle feature of Automatic1111.
An example:
https://github.com/d8ahazard/sd_dreambooth_extension/issues?q=is%3Aissue+safety+is%3Aclosed
"By the way, the .ckpt model files generated by dreambooth extension are also regarded as "unsafe", so that they cannot be loaded by SD WebUI unless using "--disable-safe-unpickle". It is my sincere suggestion that we can add a checkbox to decide whether we remove pickle file in the .ckpt files or not."
Reply:
"So, this one is really not up to me.
@AUTOMATIC1111's repo is what is doing the "safe unpickle" check, and it's what is yelling at you about the model. I don't know what the checker is finding unsafe about the model, but as anybody can really upload stuff to the hub, I wouldn't necessarily say that it means the model is safe. Not saying it's actually unsafe...just that the potential does exist.
Of course, it could totally be a false flag, but the reason it's flagging generated models as being unsafe is because the source model is unsafe. I'd assume that just loading the source model for generation in SD-WebUI would also raise this error."
A while ago, I saw someone in a thread on Reddit reporting that the IT department of his university contacted him after discovering 5 TOR connections related to his station right after he used the Dreambooth extension. Can't find the thread anymore, but it's adding to the suspicious stuff related to the Dreambooth extension.
https://www.reddit.com/r/StableDiffusion/comments/yscb5e/comment/ivzlbyt/?utm_source=share&utm_medium=web2x&context=3
Edit: Didn't remember that comment correctly. I confused it with the last one in that thread about custom models: "So I just had this happen to me on some of the custom models I made."
Another example I found in a thread related to model's security (also shows that many people aren't even aware that there could be security issues):
https://www.reddit.com/r/sdforall/comments/ytxa0p/dark_souls_and_blood_born_model_seem_to_have/iw6nuuy/
Why are the models generated from this extension considered unsafe? The answer from d8ahazard isn't satisfactory at all. Something doesn't feel right with this extension. I'm probably just paranoid, but better be safe than sorry.
This is just an example with this extension, but the security-related questions apply to all the other extensions as well.
Thoughts?