Hello and welcome to the Tuesday, April 4, 2020,

3,000, 3 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Well, who would have thought we got another sort of supply chain issue today?

Now, the day started with a fairly straightforward,

simple blog post. It's beginning of April here in the United States, April 15th. This is the big

tax deadline. So I figured it may be a good idea to remind people about some of the security

issues around filing your taxes.

But this weekend, we also got a note from one of our readers through about eFile.com,

kind of behaving oddly, displaying pop-ups and offering browser updates to download.

So after posting my initial diary, I spend a little bit time on eFile.com.

And, well, a big surprise, I discovered what looks like a possible supply chain issue again.

So just a little bit about eFile.com.

This website is apparently authorized by the IRS to offer

e-filing services so you can fill out your tax information on the site and they'll transmit the

information to the IRS. This would make you believe that they are very worried about security, but apparently what I'm describing started around March 17th, so about two weeks ago.

The root cause is that one of the JavaScript files on this site apparently got compromised.

The name of the file is Popper.js.

It's Serbia-Condeliver network, but one that's apparently used and set up for e-file.com.

Popper.J.S.

is often used with the Bootstrap framework or library.

And as the name implies, it's sort of for pop-up notices in order to display them on the site.

...