dzervas @ dzervas @lemmy.world

Posts

2

Comments

87

Joined

2 yr. ago

damn

you have a multi-billion cluster at your disposal it seems

you can do i: int to make this error out

I’ve not looked into fire jail in depth but I’ve read lots and lots of bad takes on it

What we need is docker with a better graphics integration, in terms of both ease of use and security. maybe wayland can help in that (cause with X you just forward the whole management socket and that’s it, anyone can draw anything)

There’s a chance that snap has done it right (I know that everyone hates it but there’s a CHNACE that they got it right in terms of security and ease of use)

flatpak “is not enough” since the controls it gives you are not enough. first you need flatseal to disable stuff per application and the defaults aren’t good enough and steam for example REQUIRES access to the whole home folder which defeats the whole purpose

what kind of privilege separation? you’re talking about containers/namespaces?

cause as it is linux desktop has 1 unprivileged user and that’s it. from an attackers perspective privilege escalation is irrelevant - you have access to the screen, keyboard, browser, files. there really is nothing left to gain from gaining root

and if you have any reason to gain root, it’s super easy by just replacing sudo with an alias in .bashrc you’ve got the user’s password

We REALLY need sandboxing and soon, that’s why I want to give fedora silverblue a try but my hopes are quite low

btw windows is in a bit of a better place and M1 mac is in much better place

exactly!

sorry if I overexplained/oversimplified a bit but I didn’t want to make assumptions ☺️

I disagree. Malware is quite difficult to develop and MUCH more difficult to maintain because of AVs and getting around defender ain't a joke. It can be done but it's neither trivial nor fun.

I never got where the misconception of "*nix doesn't have malware" came from. Maybe from the 2k era where "malware" was anything that was slowing down your PC (I also don't get why a malware would slow down your PC, unless it's a ransomware)?

I remember the c99.php shell from way back which is an amazing example of cross-platform (PHP can run anywhere) "virus" and it was considered a golden standard (2010 era?)

I've never even considered ClamAV. I have the idea that it's just a malware signature DB (changing the signature of a binary is almost as simple as recompiling it with a bit different variables)

Am I incorrect? does it have heruistics/active scanning?

wow, you should become a teacher or something

ok so let’s start with the exploits. Exploit is a bug (problem) in a piece of software that when… umm… “abused” (well the word is just exploited) it allows you to do stuff that you shouldn’t. An exploit could be live from your browser to the program you use to zip files. The top 2 reasons to use an exploit is to either get initial foothold on a machine (e.g. an exploit in a browser that would allow an attacker to execute arbitrary code when you visit their page or an exploit in winrar that when you open a zip file executes code)

From the attackers perspective, you got in, nice. Mind you you got in through means that have nothing to do with windows (and that’s true most times, especially on desktops). but now? what?

You hacked into the machine for a reason! You might wanna grab the browser cookies (giving you direct access to the accounts that the victim is logged into), grab some files, screenshots, passwords

That’s where the AV kicks in. After the initial exploit the malware behaves like a normal program. But not completely. Assuming that the AV hasn’t seen the same exact malware before (which would an insta kick ban) it’s going to see a random process accessing files in chrome’s directory. HUH. ISNT THAT SOMETHING. quarantined.

Wanna start listening to each and every keystroke? quarantined

Meanwhile the way that the exe ended up in your system was not through an installer, you don’t provide an uninstaller and it was downloaded from www.xXxveryNicEsiteyou.got. HUUUUUUUH

the whole process is a bit simplified of course, but it captures the general idea

So why does linux not have an AV? FUCK IF I KNOW! It would be very, VERY useful. Writing malware that bypasses AV is an art of its own. Can be done for sure, but it’s an extra step and it’s not fun

background: used to get paid to do shit like that (legally, pentest) and it’s a fun hobby (writing code around it, not hacking people)

lol forgot to mention torrentio, the most crucial part of the recipe 😂

it just downloads the torrents in real time for you and gives you a single link. It removes all the torrent quirks - except of course of the fact that you need seeders and the download speed depends on them.

Why is nobody talking about stremio? The user interface and experience is very close to netflix (better at times) but it plays torrents instead.

If you pair it with a real-debrid subscription after you first try it solo it takes it to the next level.

It’s just amazing

And you don’t have to buy anything. Stremio can be installed on your firetv stick

EDIT: forgot to mention that you need the torrentio or torrrentio lite add on for stremio.

what I want to stress out at this point is that due to the techniques required to crack a game (dll injection, ssl pinning bypass, syscall hooking and more) are used by malware

that though leaves you completely unaware if the crack is benign or not. It could be or it could be not. “but it worked fine for me” is also not a good enough pointer as it’s very common practice making the malware run only under certain conditions (after a month, only when the PC is idle or the screen is locked, or make it extremely lightweight - just upload all your browser cookies once a day

if you get hit by something like this there’s no going back. you need to format. there are very, VERY weird ways that a malware can replicate/hide itself to.

software has, is and always will be a game of trust. do you trust the cracker? or even the company that makes the software? and if so, why

I always suggest to never run cracks on a machine that is used to log into personal accounts

The only crack that I actually trust is mass grave (windows & office crack). It’s a powershell script so you can just read its source code

there really is no way to know if you’ve got a virus. it doesn’t take a lot of time to develop a malware that is undetectable, especially if you target something very specific and make it be patient about it. e.g. wait a month, snatch all the browser cookies and send them to a server hosted on azure.

or every so often snatch the clipboard

there are a lot of ways to be very silent

I highly suggest you don’t use the pc you run the pirated games on for anything critical

background: I crack stuff as a hobby (never published anything), used to be a security engineer, programmer by hobby

my whole experience with matrix is deeply disappointing. devices getting out of sync, not being able to decrypt messages, missing notifications and that fucking mark as read not working are daily problems

dig deeper and you’ll find the causes of the problems, which are disturbing. e.g. a json string is hashed (however 2 equal json objects can be the same while their strings are very different)

the only reason I still use it is a room I want to be part of

yea makes sense given that at your 30s-40s it’s very likely that you’ve end up at your “career path” and after 1-2 years working on the same thing (otherwise you’d be full of stress) it becomes very mundane

Contrary to popular similar stories I had the feeling that I was in my 20-25s for “I was there for a long time” and I was eager for the next decades (with a small break for depression but I got through) Now I’m 28 and it kinda feels it speeds up but I don’t complain (but I do complain about everything else, A LOT)

to me too please