Surprise, a "user" maintained repository, is able to host malware, shocker.


  • 19
    "LiNuX iS sUpErIoR."

    (As usual, it's a joke. Don't get asshurt fanboys. Both OS have pros and cons.)
  • 12
    And they never wondered why the most popular AUR helpers always prompted them to view the PKGBUILD...
  • 11
    From what I can read in the (kinda compressed) screenshot, it sounds an awful lot like the Local Channel Fuck Me News :v
  • 24
    *Super loud gasp*

    You mean the internet is never safe no matter what OS and security you use... Never would have bloody guessed...

    *Sarcasm leaks from ears*
  • 30
    WHAT?! Next thing you're gonna tell me is that there's malicious code on GitHub!
  • 7
    "The security investigation shows that shows that"

    I honestly felt like a broken disc while reading that sentence
  • 2
    Just saw this as well. Eran Hammer wrote a great piece a while back about the vulnerabilities of node. Rings true all around.
  • 5
    @AlgoRythm how that? isn't it running windows defender? 😰

    @Awlex yeah, typical outlet blasting so much clickbait, they forget to read it again

    @ChachiKlaus I have lost sleep at night thinking of npm, especially whenever things get proven by lunatic maintainers, never updated dependencies (even snyk itself) or future predicting blogs like: https://hackernoon.com/im-harvestin... it's a terrifying mutation.
  • 2
    @Bitwise since I am running an Arch-based install on my laptop, I am starting to explore a lot more about those things over time, though I am currently at the state where I just confirm (Debian habit), have used yaourt up until somebody here mentioned its flaws and more, but now I changed to yay for AUR packages, have spent the last 2 days figuring out how to compile a kernel, along the way explored a bit .config, menuconfig, PKGBUILD etc. 😊
  • 3
    @FrodoSwaggins You missed the point, I wasn't supporting the article
  • 2
    @FrodoSwaggins oh, I somehow felt addressed by the last sentence 😅
  • 2
    @JoshBent that was a good article. Learned a lot through some of the methods he used.
  • 3
    It is an Arch issue.
  • 8
    @JoshBent Very interesting article. Great to see how someone else solved this puzzle of stealth vs extent of data collected. This is one of the reasons why I never blindly trust JS to run in my web browser. The website developer's code may be made with good intentions, but I can't assume their competence, resilience to endless amounts of frameworks or their own security awareness. And when a webserver gets hacked.. then the attack surface consists of all the people visiting it. It's huge.

    And when user or developer says "well that wouldn't ever happen to ME!!".. well, it's pretty much a numbers game. Imagine that you go to bed with everyone you meet (awesome or awful as it may be). If you blindly allow any code to run on your PC, that's like sleeping with all of them without protection. Only selectively allowing JS would be like asking whether they have an STD first. But ultimately it's a numbers game, one of chances. For every so many people that you go to bed with unprotected, eventually you'll meet one that's infected. Once that happens, it's game over.
  • 2
    @Condor ahahahahaha made my day
  • 4
    @Stuxnet both OSes?? Since when were there only two?
  • 3
    @ewpratten You know what I meant.
  • 4
    @Condor the video is the thing