62

Surprise, a "user" maintained repository, is able to host malware, shocker.

https://sensorstechforum.com/arch-l...

Comments
  • 16
    "LiNuX iS sUpErIoR."

    (As usual, it's a joke. Don't get asshurt fanboys. Both OS have pros and cons.)
  • 18
    And they never wondered why the most popular AUR helpers always prompted them to view the PKGBUILD...
  • 26
    @Stuxnet this isn't a linux issue, it's a software repository issue.
  • 11
    From what I can read in the (kinda compressed) screenshot, it sounds an awful lot like the Local Channel Fuck Me News :v
    https://youtube.com/watch/...
  • 26
    *Super loud gasp*

    You mean the internet is never safe no matter what OS and security you use... Never would have bloody guessed...

    *Sarcasm leaks from ears*
  • 32
    WHAT?! Next thing you're gonna tell me is that there's malicious code on GitHub!
  • 11
    "The security investigation shows that shows that"

    I honestly felt like a broken disc while reading that sentence
  • 2
    Just saw this as well. Eran Hammer wrote a great piece a while back about the vulnerabilities of node. Rings true all around.
  • 2
    ClamAV pinged on a user repo once, but on further investigation it was due to the package being a pentest package and the malware was supposed to be there.

    I always look at package builds, and 20% of the time have to modify them to actually get the latest version of software or get the software to actually install.

    The problem with just trusting user repos and not using something like Yaourt is you don't get prompted to view the package build.

    So, don't use untrusted user repos :D
  • 7
    @AlgoRythm how that? isn't it running windows defender? 😰

    @Awlex yeah, typical outlet blasting so much clickbait, they forget to read it again

    @ChachiKlaus I have lost sleep at night thinking of npm, especially whenever things get proven by lunatic maintainers, never updated dependencies (even snyk itself) or future predicting blogs like: https://hackernoon.com/im-harvestin... it's a terrifying mutation.
  • 3
    @Bitwise since I am running an arch based install on my laptop, I am starting to explore a lot more about those things over time, though I am currently at the state where I just confirm (debian habit), have used yaourt up until somebody here mentioned its flaws and more, but now I changed to yay for aur packages, have spent the last 2 days figuring out how to compile a kernel, along the way explored a bit .config, menuconfig, pkgbuild etc. 😊
  • 20
    The stupidity in this thread is astounding. You can do anything you want in Linux when you run it as a super user, including wiping your entire installation. In Windows, you don’t have to even be a super user to do it. This is not proof that Linux is equally as insecure as Windows. This is just proof that social engineering works, which should not surprise anybody. If you’re stupid enough to blindly install software from a random internet repository that’s no different than downloading “free antivirus blockchain 2018” and expecting it to solve your broken printer.

    Linux is not an insecure os. But if stupid people do stupid things with it they will get disappointing results.

    Linux is superior and the sarcastic comments just show how little you thought about it before posting.
  • 3
    @FrodoSwaggins You missed the point, I wasn't supporting the article
  • 2
    @JoshBent not you, there’s lots of posts here
  • 3
    @FrodoSwaggins oh, I somehow felt addressed by the last sentence 😅
  • 2
    @JoshBent that was a good article. Learned a lot through some of the methods he used.
  • 3
    @Torbuntu
    It is an Arch issue.
  • 8
    @JoshBent Very interesting article. Great to see how someone else solved this puzzle of stealth vs extent of data collected. This is one of the reasons why I never blindly trust JS to run in my web browser. The website developer's code may be made with good intentions, but I can't assume their competence, resilience to endless amounts of frameworks or their own security awareness. And when a webserver gets hacked.. then the attack surface consists of all the people visiting it. It's huge.

    And when user or developer says "well that wouldn't ever happen to ME!!".. well, it's pretty much a numbers game. Imagine that you go to bed with everyone you meet (awesome or awful as it may be). If you blindly allow any code to run on your PC, that's like sleeping with all of them without protection. Only selectively allowing JS would be like asking whether they have an STD first. But ultimately it's a numbers game, one of chances. For every so many people that you go to bed with unprotected, eventually you'll meet one that's infected. Once that happens, it's game over.
  • 0
    @Stuxnet "both", yeah, 'cause there are only two OSes in existence :)
  • 3
    @Condor ahahahahaha made my day
  • 5
    @Condor That news video is gold. Now I want to go meet this girl, help her install theInternet.exe on her You-Beun-Too, then hit her head with her Dell computer. It shouldn't hurt since she actually doesn't have a computer for school, according to her.
    Too bad it happened in 2007.
  • 1
    @Stuxnet both OSes?? Since when were there only two?
  • 3
    @ewpratten You know what I meant.
  • 1
    @Brosyl in her defense, she is just a basic computer user and it was 2009 when Ubuntu was not at its best. It is funny in general. People calling her an idiot and much worse on various online forums is too much though.