Comments
-
How is it different from any desktop application? Hell, how is that even news?
Yes you can alter an application's behaviour by editing local files and yes if you download a binary from an untrustworthy source it might not be what you're expecting.
This is common knowledge since what? 20 years now?
-
The issue is that the cryptographic signature doesn't change. The same is not true in your examples @Commodore @PrivateGER
-
Yes it needs local access and yes a lot can be done if you have that anyway. I don’t think that’s the point of the article.
Making these changes doesn’t change the signature, making it extremely difficult to detect. But the fact that it’s a flaw in Electron (the platform) makes it much worse.
Someone will only attempt an attack if it’s worthwhile, like if there’s a high chance of finding users with the specific version of Windows, running a specific version of the app. The fact that it’s every app, across every OS, and every version, makes it a bigger deal.
Then take into account that it’s apps like Slack and Skype that companies use to discuss everything.
Then take into account my hatred of these tools and platforms ... and there ya go, things just got much worse!
-
So if you think non-electron apps validate their checksums every bootup, I'd be banned on Steam for editing my configurations inside Counter Strike's folder.
But I don't.
* sigh
Following on with my “hybrid/cross-platform sucks donkey balls” thread
rant
cross-platform
hybrid
electron
bullshit
javascript