HackerTrans
TopNewTrendsCommentsPastAskShowJobs

CriticalRegion

no profile record

comments

CriticalRegion
·2 ay önce·discuss
Is your argument that Lebanon chose to stop advancing technologically and got invaded by a technologically superior nation for that?
CriticalRegion
·2 ay önce·discuss
I get the appeal of his arguments but after reading the book, it just doesn't sit right with me. A lot if it reminds me too much of fascist arguments about how all of those city liberals don't do actual labor and the only "real jobs" are farm jobs or something.
CriticalRegion
·2 ay önce·discuss
No, you read it right. I just misunderstood the post's message as "these exploits will enable more supply chain attacks". I'll probably delete my comment since it's debating a strawman. It is absolutely right that these exploits might enable these attacks to have a larger impact. I still don't think that I agree with the message since a malicious npm package already installed can get its payloads from a C2 server, it doesn't need an npm update.
CriticalRegion
·2 ay önce·discuss
This is a baffling take.. These exploits are local privilege escalations for linux systems. They'll allow an attacker with a foothold in a shared environment or with low privilege access to a system to affect the rest of the system. They aren't RCEs and won't let attackers access environments that they couldn't before other than the shared hosting scenarios. That is absolutely not how most supply chain attacks are carried out. Most supply chain attacks are performed via credential theft and social engineering. The more sophisticated ones are APT style attacks like the Solarwinds one (which were carried out by organisations that would already have exploits like these) or more creative stuff like the Shai-Hulud fiasco. All of these options existed before these LPEs. If you're worried about supply chain attacks you've been worried for longer than Mythos has been out. Not updating your software is never good security advice.
CriticalRegion
·geçen yıl·discuss
The article and the post title make it sound like Samsung phones come with NSO software preinstalled and a drone strike is making its way to your living room. It's adware bloat. It's a privacy nightmare. It's predatory on the part of the OEM, be it Samsung or Lenovo or Microsoft or all the other OEMs that preinstall bloatware. It happens to be Israeli (though even that's not true - Unity is an American company).

There's no need to present it as anything less than what it is, it is enough of a scandal already. Fear mongering using the words "Israeli Spyware" just undermines the very just point being made.