https://miscreants.github.io/blog.trailofbits.com/authors/keith-hoodlet/Recent content in Keith Hoodlet on The Trail of Bits BlogHugoen-usWed, 30 Apr 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/30/insecure-credential-storage-plagues-mcp/Wed, 30 Apr 2025 03:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/30/insecure-credential-storage-plagues-mcp/This post describes how many examples of MCP software store long-term API keys for third-party services in plaintext on the local filesystem, often with insecure, world-readable permissions.https://miscreants.github.io/blog.trailofbits.com/2025/04/29/deceiving-users-with-ansi-terminal-codes-in-mcp/Tue, 29 Apr 2025 09:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/29/deceiving-users-with-ansi-terminal-codes-in-mcp/This post describes attacks using ANSI terminal code escape sequences to hide malicious instructions to the LLM, leveraging the line jumping vulnerability we discovered in MCP.https://miscreants.github.io/blog.trailofbits.com/2025/04/23/how-mcp-servers-can-steal-your-conversation-history/Wed, 23 Apr 2025 10:30:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/23/how-mcp-servers-can-steal-your-conversation-history/Malicious MCP servers can inject trigger phrases into tool descriptions to exfiltrate entire conversation histories and steal sensitive credentials and IP.