arisuchan    [ tech / cult / art ]   [ λ / Δ ]   [ psy ]   [ ru ]   [ random ]   [ meta ]   [ all ]    info / stickers     temporarily disabledtemporarily disabled

/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.
Name
Email
Subject
Comment

formatting options

File
Password (For file deletion.)

Help me fix this shit. https://legacy.arisuchan.jp/q/res/2703.html#2703

Kalyx ######


File: 1505742577930.png (55.6 KB, 300x300, CCLeaner.png)

 No.1551

http://archive.is/hddwi
http://thehackernews.com/2017/09/ccleaner-hacked-malware.html

>If you have downloaded or updated CCleaner application on your computer between 15 August and September 12 of this year from its official website, then pay attention—your computer has been compromised.


>Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.

 No.1558

>If you have downloaded or updated proprietary software on your computer between 1 January 1977 and September 12 of this year from its official website, then pay attention—your computer has been compromised.

 No.1574

>>1558
Get lost. Some of us work with these damn machines to make money and FOSS zealotry doesn't pay the rent.

Let's not forget all the giant stuff ups in open source projects like OpenSSL, etc. The whole 'open source = moar betterer security' is a fallacy that needs to die.

Now, back on topic;

>>1551
Also another thing to keep in mind is that even though this compromise only affected limited versions of CCleaner, it was a signed executable. That means at the moment you can't trust anything that was signed by the cert issued to Piriform by Symantec until it expires in October 2018. It's a good possibility we may be seeing this certificate get revoked before too long.

 No.1581

>>1574
> That means at the moment you can't trust anything that was signed by the cert issued to Piriform by Symantec until it expires in October 2018. It's a good possibility we may be seeing this certificate get revoked before too long.

That's certainly something one hopes, at least.

Guess I'll be warning the less savvy family members.

 No.1607

>>1574
As Microsoft officials already stated many years ago, all these "registry cleaners, defraggers and optimizers" are snake oil shovelware that breaks already broken WIndows registry structure by deleting what they shouldn't delete. If you happen to use one of these snake oil programs, well, honestly you have absolutely no idea what you are doing and it's probably not Serious Work™ at all.

>we can not sign our software with our own keys and rely on third party to sign it for us case #1756

 No.1608

>>1574
>The whole 'free software = moar betterer security' is a fallacy that needs to die.
Uh no, FOSS software is essential in security, especially when dealing with encryption. For instance, how would I know that an program securely generates actually random data without looking at the source code? I can't try to analyze the output of the program, how am I supposed to know that the data is random? To me, it might look random, but to a computer it's completely chosen. The faults of the OpenSSL project cannot be just forgiven, that's why we have LibreSSL, another thing that would never be possible without FOSS.

Sage because off topic.

 No.1610

>>1574
> Get lost.
Please let's be civil. onegai.

There are two arguments for open source being safer:
1. open source is more secure.
2. open source is not mallicious.


You provide some evidence to refute the first argument:
>giant stuff ups in open source projects like OpenSSL, etc

You don't directly address the second. I will give some evidence to address it:
if windows were caught stealing your identity or something, they could get in a lot of trouble.
they can invade your privacy in other ways still, but it's limited.

 No.1651

>>1608
Your FOSS…
inhales vape fumes
Your "FOSS" software actually uses pseudorandom generator inside your proprietary closed source backdoored CPU, how can you trust that?
>>1610
"Open source"
exhales vape fumes
is more secure because user might audit the code, run only necessary parts or modify it, if user refuses to that, "open source" becomes equally malicious, see SystemD or Linux Mint website hacks.

 No.1652

>>1651

Yeah, people really don't get this. Like, are you going to audit the entire piece of software you use? Are you checking hashes and monitoring commits? Compiling your own version or taking binaries from their site? Most likely not, which makes the software you're using just as likely to be malicious as any proprietary software.

Although using FOSS software is logically a better idea, as there is probably a higher chance of other users or groups auditing the software or watching it under a closer eye.



[Return] [Go to top] [ Catalog ] [Post a Reply]
Delete Post [ ]