Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
ricardo :mastodon: (governa@fosstodon.org)'s status on Friday, 16-Feb-2024 12:08:36 JST ricardo :mastodon:

#Ubuntu Tool Could Trick Users Into Installing Rogue Packages
https://linuxsecurity.com/news/hackscracks/ubuntu-tool-vulnerability
In conversation about a year ago from fosstodon.org permalink
Attachments
1. Domain not in remote thumbnail source whitelist: linuxsecurity.com
  
  Ubuntu Tool Could Trick Users Into Installing Rogue Packages | LinuxSecurity.com
  
  from Brittany Day
  
  How Does This Exploit Work? The command-not-found tool relies on the Advanced Packaging Tool (APT) a
- Embed this notice
  翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 16-Feb-2024 12:08:36 JST 翠星石
  in reply to
  
  @governa That article seems to be a lot of fluff to barely mention that malware can be uploaded onto the snap repository (who would have thought) with the same name as free software not in the apt repo and then have apt recommend the malware for installation.
  
  Snap really wouldn't have such issue if proprietary malware wasn't allowed in the repositories and uploaders had to provide the source code, for checking by a maintainer, which is then compiled and made available, but alas snap welcomes proprietay malware like discord into the repo.
  
  In conversation about a year ago permalink

Feeds