Reddit: https://old.reddit.com/user/HiddenLayer5/

  • 42 Posts
  • 270 Comments
Joined 10 months ago
Cake day: September 13th, 2024
  • HiddenLayer555@lemmy.mltoAsklemmy@lemmy.mlWhat's the dumbest scam you've ever seen?English
    9·
    7 days ago

    Dumbest AND most genius: Fake captchas that get the user to press windows+R, then control+C, then enter.

    Dumbest because if you paid attention to what’s being pasted, it’s usually a call to power shell with an arbitrary script, and it’s being pasted into your OS’s run box which is basically like a console.

    But also genius because there are tons of people that fall for it, and it’s a social engineering masterpiece.

    John Hammond with more: https://www.youtube.com/watch?v=lSa_wHW1pgQ

    This really highlights two systemic issues: tons of people don’t know what they’re doing with computers and don’t know basic security concepts like don’t run an arbitrary script from an untrusted website, and we should probably do something about that. Which brings me to the second point that Windows is pretty ass for making it this easy. Why can you run an encoded power shell script from your run box, and why would you make bypassing the execution policy as easy as a flag in the command you’re invoking? I can’t imagine those have a lot of legitimate uses and aren’t just being abused by criminals.

  • HiddenLayer555@lemmy.mltoLinux@lemmy.mlAre there any examples of Linux (desktop) viruses that are actively or were recently in circulation?English
    19·
    14 days ago

    TLDR: While Linux is less susceptible to malware in some ways, it mostly boils down to Linux having a more technically minded userbase whereas Windows is a “mainstream” operating system.

    Most Windows malware nowadays come from social engineering scams (complete this “captcha” by pressing Windows+R and pasting in this powershell script we conveniently put in your clipboard) or untrusted third party installers because Windows doesn’t natively have a package manager. Like others have said, the old school self-propagating worms and drive by downloads that activate just by clicking on a link aren’t really possible anymore (outside of state actors with unlimited budgets to buy zero days) unless your system or browser is horrifically outdated.

    In terms of social engineering, Linux is not necessarily better at preventing it than Windows. In fact, sudo in Linux will unquestioningly delete the kernel and system software or make unlimited changes to them. Windows, for better or for worse (tbh more worse than better), uses TrustedInstaller to limit access to system files. Windows 11 won’t easily let you delete or modify System32 for example, even if you’re an admin. So it’s in theory easier to do more damage to your system on Linux if you don’t know what you’re doing. But if someone is using Linux full time, they’re most likely technical enough to not be fooled into running random untrusted bash commands.

    The biggest thing is to be careful with those Linux terminal tutorial sites that have a “add to clipboard” button, they can put literally anything into your clipboard, including an enter key to run the script as soon as you put it in your terminal (though this may or may not be possible depending on your terminal app). Actually, they don’t even need you to use their copy button. They can just set an event listener for control-C anywhere on their site and automatically replace the clipboard content. Just double check everything you copy before running it, especially since there’s a lot of times where Linux users have to rely on obsecue tutorials hosted on untrusted websites.

    You also don’t really need to run untrusted installers on Linux because almost everything you need is in a properly moderated software repository, be it your native package manager, Flatpak, or Snap. Everything is signed by the authors and has a ton of eyes from the open source community on it. The only things to look out for is compiling something from GitHub, random AppImages, Elf binaries, scripts, and last but not least third party repositories that can be added as an installation source to your package manager/Flatpak/Snap. Basically, Linux gets most of its “doesn’t get malware” reputation from the same place Mac does: you rarely have to manually download and run an executable from a random website, which is the norm on Windows. Add to the fact that even when that’s needed, the Linux userbase is more technical and is more able to discern which sources are reputable and which are suspicious.

    Another major source of malware is pirated versions of Windows or untrusted “license activators” from the internet. This just isn’t a problem on Linux because there’s no license to activate and it’s free to begin with so there’s nothing to pirate. And again, if someone is running Linux, they’re probably technical enough to know not to run random pirated versions of paid software to begin with, helped by the fact that the vast majority of paid software is Windows only.

  • HiddenLayer555@lemmy.mltoAsklemmy@lemmy.mlWhat keeps you going?English
    7·
    14 days ago

    Nihilism. I’ve fully accepted that humans are definitely going extinct and I’m just along for the ride. It’s oddly comforting to realize nothing you do matters in the long run because your entire species and society has no future. I’ll focus on being a nice person to the few other humans that know me instead of trying to change the entire world, because realistically I can’t change the world. If I can make some positive impacts to a few other individuals before we all die, I’ll take that as a win.

    Is that a healthy mindset? No. But I’m not a healthy person to begin with so I don’t care.