- cross-posted to:
- linux@lemmy.world
- cross-posted to:
- linux@lemmy.world
You must log in or # to comment.
If you download and install untrusted code extensions, you’re screwed. Not like it’s rocket-science.
So who can you trust?
Yourself and the code you read and understand. So as long as you don’t use a system where this is possible (say 9Front and the like) you trust nothing and nobody, do careful backups and don’t go on a installation spree.
I fear there is no such system where this applies. The tech stack on any old netbook is so advanced and complex that there is nobody on this planet who fully understands it.
Being theoretically able to read the code is certainly better than not being able to, but it’s not the same as having actually read and understood all the relevant code to the point where you can be somewhat confident that there’s no backdoor in it.
(And even if someone had the time and mental capacity to do that, at some point when going through the stack you always hit a proprietary layer. Be that drivers, the bootloader, component firmware or the hardware itself.)
Depends on.
If you’re not using your PC for highly critical applications, go high-trust mode, and read news about those who become untrustworthy.
For critical applications, always check the usernames of the developers, use software trusted by others, etc.
With no indication that VoidLink is actively targeting machines, there’s no immediate action required by defenders, although they can obtain indicators of compromise from the Checkpoint blog post.
Don’t click on the article. It’s an AI regurgitated summary and internet rot site.
You’re welcome.
Considering Dan isn’t a bot and responds to comments in the forum, I suspect you have no clue what you’re talking about.
The sourced research he cites is also not AI generated.
Ars technica is usually legit.
you’re AI on an internet rot site.
“The VoidLink interface is localized for Chinese-affiliated operators, an indication that it likely originates from a Chinese-affiliated development environment.”
Baha, shit propaganda… Yes of cause it MUST be the Chinese ! I mean, it is impossible to fake an interface in another language, and we all know they are out to eat our children… sigh…
And who says ? This is not better than the shit corps amazon, micro***p, etc, that are now identifying foreign ‘threats’ for the US Fascist regime. Who gave private corps the right to examine AND convict other nations - without any transparency or oversight - on a whim from their Boss.
Get away from US *unts and their insane propaganda - ASAP !!
Have you looked at the files? They were obviously generated in a Chinese-affiliated development environment, and the interface is designed for Chinese speakers. Which is exactly what they said. They very pointedly DIDN’T say that the malware was written by the Chinese government or one of their affiliates.
It’s also not in the same style as the stuff generated by the various Chinese APT groups, so is likely by some third party with Chinese connections. It’s a very methodical and thorough collection, but it wasn’t discovered via an attack — the researchers stumbled across the test environment. And that’s not something that’s likely to be the case with state actor-related groups.
you know, you’re right. it couldn’t have been china or russia since it’s far more advanced than typical.
Did you get your $0.50 for that?
