For context what he said was:
war crimes are war crimes even when committed by allies, and should be called out for what they are
Apparently condemning war crimes is enough to lose your job these days.
Especially the way they snake around why they didn't disclose it. "We can only disclose now". Why? They made it clear they didn't receive a court order or anything that would prevent them. They specifically mention that it was only an informal phone call from a police department.
Completely valid point. The kind of non-technical people wouldn't likely notice any difference in SSD speed anyway. It would be nice if they made it easier for technical people to disable the feature.
Yeah I do agree and myself run FDE as a defence in depth measure and as a protection against specific threats such as the one you mentioned. I think we agree on that completely.
In saying that, I would further add that it shouldn't be relied upon as the only defensive measure as once someone has gained physical access to the device it's not going to protect you against targeted attacks. If someone has access to your home they could install a camera aimed at the keyboard, or a hardware keylogger, or the good ol' $5 wrench attack.
Presumably you're relying on the security of your home, and if that's broken you've got bigger things to worry about.
It's a simple POC. To address your points you could easily add an event listener for the window blur event so whenever the window loses focus. You could also use JavaScript to manually highlight the user selected text when the window regains focus. You can make it as complex as you want.
The point is that the core of the issue, that you can override the user's select buffer which could be used to maliciously insert commands, exists.
Appears to be the same developer as wttr.in
The included example script re-runs the selection every 500ms so it would instantly overwrite what the user has selected. In theory you could even lower this timer.
What else has happened in the 7 years that they haven't bothered to mention? Absolutely NOT handled well as timely disclosure is a key part of that.
As a user you don't always have access to the database. It's much easier to work out of Excel than to find the right person to ask in the corporate hierarchy just for them to say no.
Port forwarding is not a cover your ass privacy feature, it's a compatibility feature.
I just did a quick search and yes, Zorin OS is based on Ubuntu so it will be able to work with all the regular Ubuntu packages such as those provided by Proton VPN.
I 100% agree that it affects an extremely small percentage of the population, but it's also not hard to imagine a scenario in which this can have real consequences.
Let's imagine I have a popular website that documents Linux tips and tricks (think: which command can I run to see drive storage used again?). In there I have a short command people can copy and paste to run (maybe df -h). The user copies this command and switches window to their terminal, at which point the blur event listener fires and I override the innocuous command with a malicious command. The user pastes it into their terminal without any indication that the primary selection content is now different.
Yes, this is due to both insecure X and shell settings that don't affect everyone (Wayland and sane shell). It's as much or even more the fault of the insecure programs, but Firefox is a part of that. Even in this situation it would be much more likely that the user is affected compared to the "general population". It's more of a targeted attack than a broad insecurity, but it's not a "one in a million" chance.