Comment by mewpmewp2

Comment by mewpmewp2 7 hours ago

2 replies

View on Hacker News

I can understand clicking on the link while not paying attention, but I do wonder how many people who are signed up on GitHub would follow through with pasting this command. I could understand if elderly non technical people might follow up with it, but this one, I wonder what the rate is.

hmottestad an hour ago

Just clicking on the link might be enough. Maybe you have a slightly outdated browser with a known vulnerability. Maybe you’re holding off on installing an update just to be sure it won’t break anything.

And even if everything is up to date Pwn2Own regularly shows that having a user browse to a website is enough to get root access. Thankfully most people don’t have to worry about this since they are unlikely to attract the attention of someone with that level of resources.

Reply View 1 reply
  • hmottestad 42 minutes ago

    If I had those kinds of resources I might even put a captcha on the site that asks the user to do something incredibly stupid just to make them think they were in the clear.

    Reply View 0 replies